CVE-2007-5252 - Vulnerability Details - OpenCVE

ReportizFlow

Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netsupport	Netsupport Manager Client Netsupport School Student

Configuration 1 [-]

OR	cpe:2.3:a:netsupport:netsupport_manager_client:10.00:::::::*
	cpe:2.3:a:netsupport:netsupport_manager_client:10.20:::::::*
	cpe:2.3:a:netsupport:netsupport_school_student:9.00:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/27082
http://securityreason.com/securityalert/3198
http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang=
http://www.securityfocus.com/archive/1/481537/100/0/threaded
http://www.securityfocus.com/bid/25932
http://www.securitytracker.com/id?1018774
https://exchange.xforce.ibmcloud.com/vulnerabilities/36963

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-06T17:00:00

Updated: 2024-08-07T15:24:42.434Z

Reserved: 2007-10-06T00:00:00

Link: CVE-2007-5252

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-06T17:17:00.000

Modified: 2024-11-21T00:37:29.173

Link: CVE-2007-5252

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-04T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "netsupport-unspecified-dos(36963)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36963"}, {"tags": ["x_refsource_MISC"], "url": "http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang="}, {"name": "3198", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3198"}, {"name": "20071004 DDIVRT-2007-05 NetSupport Manager Client Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481537/100/0/threaded"}, {"name": "25932", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25932"}, {"name": "27082", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27082"}, {"name": "1018774", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018774"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2007-5252", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "netsupport-unspecified-dos(36963)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36963"}, {"name": "http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang=", "refsource": "MISC", "url": "http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang="}, {"name": "3198", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3198"}, {"name": "20071004 DDIVRT-2007-05 NetSupport Manager Client Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481537/100/0/threaded"}, {"name": "25932", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25932"}, {"name": "27082", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27082"}, {"name": "1018774", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018774"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.434Z"}, "title": "CVE Program Container", "references": [{"name": "netsupport-unspecified-dos(36963)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36963"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang="}, {"name": "3198", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3198"}, {"name": "20071004 DDIVRT-2007-05 NetSupport Manager Client Buffer Overflow", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/481537/100/0/threaded"}, {"name": "25932", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25932"}, {"name": "27082", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27082"}, {"name": "1018774", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018774"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5252", "datePublished": "2007-10-06T17:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-07T15:24:42.434Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netsupport:netsupport_manager_client:10.00:*:*:*:*:*:*:*", "matchCriteriaId": "F255121E-6D3D-4D06-9389-18F99E4E7490", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsupport:netsupport_manager_client:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "CD02A9F1-79C0-4693-9FF6-93FCB9F02FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netsupport:netsupport_school_student:9.00:*:*:*:*:*:*:*", "matchCriteriaId": "5E3A5D92-6994-4EC2-8DD0-25E88E69976F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, and NetSupport School Student (NSS) 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor statement, which is too vague to be sure that it is for this particular issue, says that only a denial of service is possible."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en NetSupport Manager (NSM) Client versiones 10.00 y 10.20, y NetSupport School Student (NSS) versi\u00f3n 9.00, permite a servidores NSM remotos causar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario por medio de datos dise\u00f1ados en la fase de intercambio de configuraci\u00f3n de una configuraci\u00f3n de conexi\u00f3n inicial. NOTA: un proveedor declara, que es demasiado vaga para estar seguro de que es para este problema en particular, dice que s\u00f3lo es posible una denegaci\u00f3n de servicio."}], "id": "CVE-2007-5252", "lastModified": "2024-11-21T00:37:29.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-06T17:17:00.000", "references": [{"source": "[email protected]", "url": "http://secunia.com/advisories/27082"}, {"source": "[email protected]", "url": "http://securityreason.com/securityalert/3198"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang="}, {"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/481537/100/0/threaded"}, {"source": "[email protected]", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25932"}, {"source": "[email protected]", "url": "http://www.securitytracker.com/id?1018774"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.netsupportsoftware.com/support/td.asp?td=545&Site=nsltd&Lang="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481537/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/25932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36963"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "[email protected]", "type": "Primary"}]}