SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   NetSupport Manager Vendors:   NetSupport (Productive Computer Insight)
NetSupport Manager Flaw in Gateway Component Lets Remote Users Deny Service
SecurityTracker Alert ID:  1023508
SecurityTracker URL:  http://securitytracker.com/id/1023508
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 27 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 10.60.0006
Description:   A vulnerability was reported in NetSupport Manager. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to the NetSupport Gateway component to cause the target service to crash.

The vendor was notified on November 11, 2009.

Matthew Whitehead (watcher60) reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix (10.60.0006).
Vendor URL:  www.netsupportsoftware.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Netsupport gateway remote DoS

Vendor: Netsupport
Product: Netsupport Manager
Vendor contacted 11 Nov 2009, fixed 11 Jan 2010 in version 10.60.0006

Netsupport gateway is a feature packaged with the netsupport manager product."Delivering seamless Remote Control between PCs that may be located behind different firewalls. The NetSupport Gateway provides a stable and secure method for NetSupport enabled systems to locate and communicate via http."

In all versions prior to 10.60.0006 it is possible to remotely crash the service by simply telneting to the port and hitting return twice, thereby causing a DoS. In versions prior to 10.60.0005 this would only work from linux or mac hosts, however in 10.60.0005 (which was an attempt to fix the issue) it resulted in this working from both linux, mac & windows hosts. This variation was down to the differnces in carriage returns between OS's. I presume that the root issue was providing null header information though the vendor never confirmed.

regards

Matthew Whitehead (watcher60)








 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC