Vulnerability Description
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Netidentity Client1.2.3 | All versions |
Related Weaknesses (CWE)
References
- http://download.novell.com/Download?buildid=6ERQGPjRZ8o~PatchVendor Advisory
- http://www.securityfocus.com/archive/1/502514/100/0/threaded
- http://www.securityfocus.com/bid/34400
- http://www.securitytracker.com/id?1021990
- http://www.vupen.com/english/advisories/2009/0954PatchVendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-09-016/Patch
- https://bugzilla.novell.com/show_bug.cgi?id=437511
- http://download.novell.com/Download?buildid=6ERQGPjRZ8o~PatchVendor Advisory
- http://www.securityfocus.com/archive/1/502514/100/0/threaded
- http://www.securityfocus.com/bid/34400
- http://www.securitytracker.com/id?1021990
- http://www.vupen.com/english/advisories/2009/0954PatchVendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-09-016/Patch
- https://bugzilla.novell.com/show_bug.cgi?id=437511
FAQ
What is CVE-2009-1350?
CVE-2009-1350 is a vulnerability with a CVSS score of 10.0 (HIGH). Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, ...
How severe is CVE-2009-1350?
CVE-2009-1350 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1350?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Netidentity Client1.2.3.