SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   NetSupport Manager Vendors:   NetSupport (Productive Computer Insight)
NetSupport Manager Flaw in Gateway Component Lets Remote Users Deny Service
SecurityTracker Alert ID:  1023508
SecurityTracker URL:  http://securitytracker.com/id/1023508
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 27 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 10.60.0006
Description:   A vulnerability was reported in NetSupport Manager. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to the NetSupport Gateway component to cause the target service to crash.

The vendor was notified on November 11, 2009.

Matthew Whitehead (watcher60) reported this vulnerability.
Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix (10.60.0006).
Vendor URL:  www.netsupportsoftware.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Tue, 26 Jan 2010 12:49:14 -0700
Subject:  Netsupport gateway remote DoS

Vendor: Netsupport
Product: Netsupport Manager
Vendor contacted 11 Nov 2009, fixed 11 Jan 2010 in version 10.60.0006

Netsupport gateway is a feature packaged with the netsupport manager product."Delivering seamless Remote Control between PCs that may be located behind different firewalls. The NetSupport Gateway provides a stable and secure method for NetSupport enabled systems to locate and communicate via http."

In all versions prior to 10.60.0006 it is possible to remotely crash the service by simply telneting to the port and hitting return twice, thereby causing a DoS. In versions prior to 10.60.0005 this would only work from linux or mac hosts, however in 10.60.0005 (which was an attempt to fix the issue) it resulted in this working from both linux, mac & windows hosts. This variation was down to the differnces in carriage returns between OS's. I presume that the root issue was providing null header information though the vendor never confirmed.

regards

Matthew Whitehead (watcher60)


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC