CVE-2009-1350

Novell Netidentity Client1.2.3 - Improper Input Validation

Title source: rule

Description

Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16376

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by MC, Ruben Santamarta · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb

View Code ZIP pw:eip

References (7)

[Patch, Vendor Advisory] http://download.novell.com/Download?buildid=6ERQGPjRZ8o~

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021990

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/0954

[Patch] http://www.zerodayinitiative.com/advisories/ZDI-09-016/

[Issue Tracking] https://bugzilla.novell.com/show_bug.cgi?id=437511

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/502514/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34400

Scores

EPSS 0.7546

EPSS Percentile 98.9%

Details

CWE

CWE-20

Status published

Products (1)

novell/netidentity_client1.2.3

Published Apr 21, 2009

Tracked Since Feb 18, 2026