Update Protection against Novell Client NetIdentity Agent Remote Code Execution
| Check Point Reference: | CPAI-2009-209 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia: SA34574 | |
| Industry Reference(s): | ||
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Novell NetIdentity Agent prior to 1.2.4 | ||
| Vulnerability Description A remote code execution vulnerability exists in Novell Client NetIdentity Agent. The Novell NetIdentity agent works with eDirectory authentication to provide background authentication to Windows Web-based applications that require eDirectory authentication. The flaw is due to insufficient sanity check when processing crafted RPC messages. An attacker could exploit this vulnerability by sending a specially crafted RPC message to the affected service. |
||
|
Vulnerability Details The vulnerability is due to insufficient input validation when handling RPC messages received at the XTIERRPCPIPE named pipe. Remote attackers could exploit this vulnerability by sending a carefully crafted RPC request to the XTIERRPCPIPE named pipe of a vulnerable Novell NetIdentity agent. Successful exploitation would result in execution of arbitrary code |
Protection Overview By enabling this protection, IPS-1 will detect and block invalid RPC traffic over the named pipe XTIERRPCPIPE.
To configure the defense, select your product from the list below and follow the related protection steps.