NetSupport Client Handshake Hostname Overflow

2011-10-11T00:00:00
ID SAINT:234FFBF95C931847B14FD9F717E137EA
Type saint
Reporter SAINT Corporation
Modified 2011-10-11T00:00:00

Description

Added: 10/11/2011
CVE: CVE-2011-0404
BID: 45728
OSVDB: 70408

Background

NetSupport Manager is a remote desktop support solution.

Problem

NetSupport client/server communication is carried out over a proprietary protocol, which begins with a handshake between the client and server. The handshake contains a hostname, which is not properly validated. In NetSupport client version 11.0 and prior, this lack of validation results in a stack-based buffer overflow. An attacker may exploit this vulnerability to compromise any workstation running a vulnerable version of the NetSupport client.
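The validation that is missing from the handshake can be illustrated with a hardened hostname parser. This is an added example, not NetSupport code and not part of the original advisory; the page does not document the wire format, so the one-byte length prefix, the function name and the error codes are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HOST_MAX  253   /* RFC 1123 limit on a full hostname */
#define LABEL_MAX 63    /* RFC 1123 limit on one dot-separated label */
enum { HS_OK = 0, HS_TRUNCATED = -1, HS_TOO_LONG = -2, HS_BAD_CHAR = -3 };

/* Assumed (hypothetical) field layout: [1-byte length][hostname bytes].
 * The hostname is copied into out (capacity out_cap, NUL included) only
 * after every length and character check has passed. */
int parse_handshake_hostname(const uint8_t *msg, size_t msg_len,
                             char *out, size_t out_cap)
{
    if (msg == NULL || out == NULL || out_cap == 0 || msg_len < 1)
        return HS_TRUNCATED;
    size_t n = msg[0];                         /* length claimed by the peer */
    if (n == 0) return HS_BAD_CHAR;            /* empty hostname */
    if (n > msg_len - 1) return HS_TRUNCATED;  /* claim exceeds bytes received */
    if (n > HOST_MAX || n >= out_cap) return HS_TOO_LONG; /* will not fit */
    size_t label = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = msg[1 + i];
        if (c == '.') {
            if (label == 0) return HS_BAD_CHAR;      /* empty label */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > LABEL_MAX) return HS_TOO_LONG;
        } else {
            return HS_BAD_CHAR;                /* NUL, control, other bytes */
        }
    }
    memcpy(out, msg + 1, n);                   /* n < out_cap is proven above */
    out[n] = '\0';
    return HS_OK;
}

int main(void)
{
    /* Constructed message: claims 200 bytes for a 16-byte destination. */
    uint8_t msg[201] = { 200 };
    memset(msg + 1, 'A', 200);
    char host[16];
    int rc = parse_handshake_hostname(msg, sizeof msg, host, sizeof host);
    return rc == HS_TOO_LONG ? 0 : 1;          /* exit 0: oversized field rejected */
}
```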

Resolution

No vendor upgrades are available as of this exploit's release date. Disabling NetSupport until a patch is made available should be considered. Seeking an alternative solution may also be beneficial.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0090.html>

Limitations

This exploit has been tested against NetSupport Manager 11.00 on Red Hat Enterprise Linux Server 5.3.

Platforms

Linux