SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NetSupport Manager Vendors:   NetSupport (Productive Computer Insight)
PCI NetSupport Manager Directory Traversal Flaw Lets Remote Users View Files Located Anywhere on the Managed Host
SecurityTracker Alert ID:  1003887
SecurityTracker URL:  http://securitytracker.com/id/1003887
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 22 2002
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 7
Description:   A vulnerability was reported in PCI's NetSupport Manager remote control software for Windows. A remote user can view files located anywhere on the system.

It is reported that a remote user can view and download files from hosts running NetSupport Manager when the web extensions are configured.

Some demonstration exploit URLs are provided:

http://machinename:relevant_port/../boot.ini

http://machinename:relevant_port/../../boot.ini

Impact:   A remote user can view files located anywhere on the system.
Solution:   It is reported that the vendor has corrected the problem (and that version 7 may include the correction).
Vendor URL:  www.pci.co.uk/nsm/remote_control.htm (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Webtraversal in PCI Netsupport Manager (all version up to 7 using





It is possible to view and download files on machines 
running  PCI Netsupport Manager (all version up to 7) 
that have the  web extensions switched on (default 
port 80). This has only been tested on Windows NT 4 
(server and workstation) and Windows 2000 (Pro , 
Server and Advanced server).
Example on a standard version 5.5 install (location 
c:\nsm) the URL to view the boot.ini file in the root 
would be:
http://machinename:relevant_port/../boot.ini

version 6 +:
http://machinename:relevant_port/../../boot.ini

I have received confirmation from PCI that this bug is 
fixed in version 7 onwards

Watcher60



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC