SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NetSupport Manager Vendors:   NetSupport (Productive Computer Insight)
NetSupport Manager Client Buffer Overflow Lets Remote Users Deny Service
SecurityTracker Alert ID:  1018774
SecurityTracker URL:  http://securitytracker.com/id/1018774
CVE Reference:   CVE-2007-5252   (Links to External Site)
Updated:  Mar 20 2008
Original Entry Date:  Oct 5 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 10.20.0005
Description:   A vulnerability was reported in NetSupport Manager. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to TCP port 5405 on the target client to trigger a buffer overflow and cause denial of service conditions.

[Editor's note: The report states that remote code execution may be possible. The vendor's advisory states that remote code execution is not possible.]

The vendor was notified on September 9, 2007.

sxkeebler and r@b13$ of the Digital Defense, Inc. Vulnerability Research Team discovered this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fixed version (10.20.0005).

The vendor's advisory is available at:

http://www.netsupportsoftware.com/support/td.asp?td=545

Vendor URL:  www.netsupportsoftware.com/support/td.asp?td=545 (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DDIVRT-2007-05 NetSupport Manager Client Buffer Overflow

Title
-----
NetSupport Manager Client Buffer Overflow

Severity
--------
Medium

Date Discovered
---------------
9/4/2007

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team Credit Given To: sxkeebler and r@b13$ http://www.digitaldefense.net/

Vulnerability Description
-------------------------
The NetSupport Manager client that listens on TCP port 5405 does not properly validate input supplied during the initial connection
 sequence. 
Specifically, during the configuration exchange part of the initial connection setup, the client does not appear to validate the supplied
 data which can result in a DoS of the NetSupport Manager Client.  Remote code exploitation is also thought to be possible.  Within
 Technical Document ID TD545, NetSupport acknowledges that this flaw is present in unspecified versions of NetSupport School Student.

Solution Description
--------------------
Digital Defense, Inc. notified NetSupport on September 9, 2007 of this flaw but did not receive any response or acknowledgement from
 the vendor. 
However, NetSupport has released a patch for this flaw as described by NetSupport Technical Document ID TD545.  

Tested Systems / Software (with versions)
-----------------------------------------
NetSupport Manager 10.20 running on Windows XP SP2 and Windows 2K3 SP2.  

NetSupport acknowledges in Technical Document ID TD545 that the following versions of the NetSupport Manager are vulnerable to this
 flaw:

NSM 10.00, NSS 9.00, NSM 10.20

Vendor Contact
--------------
NetSupport
http://www.netsupportmanager.com/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC