CVE-2011-0404 : Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Sol

Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.

Published 2011-01-11 03:00:06

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2011-0404

Netsupport » Netsupport Manager Agent » Version: 11.00 Linux Edition
cpe:2.3:a:netsupport:netsupport_manager_agent:11.00:*:linux:*:*:*:*:*
Matching versions
Netsupport » Netsupport Manager Agent » Version: 9.50 Solaris Edition
cpe:2.3:a:netsupport:netsupport_manager_agent:9.50:*:solaris:*:*:*:*:*
Matching versions
Netsupport » Netsupport Manager Agent » Version: 11.00 Mac Os X Edition
cpe:2.3:a:netsupport:netsupport_manager_agent:11.00:*:mac_os_x:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-0404

EPSS FAQ

78.81%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2011-0404

NetSupport Manager Agent Remote Buffer Overflow

Disclosure Date: 2011-01-08

First seen: 2020-04-26

exploit/linux/misc/netsupport_manager_agent

This module exploits a buffer overflow in NetSupport Manager Agent. It uses a similar ROP to the proftpd_iac exploit in order to avoid non executable stack. Authors: - Luca Carettoni ( <Luca Carettoni (@_ikki)> - Evan - jduck <jduck@metasploit.com>

More information

CVSS scores for CVE-2011-0404

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2011-0404

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0404

http://www.securityfocus.com/bid/45728

NetSupport Manager Remote Buffer Overflow Vulnerability
Exploit
http://secunia.com/advisories/42794

Sign in
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0062

Webmail | OVH- OVH
Vendor Advisory
http://www.exploit-db.com/exploits/15937

NetSupport Manager Agent - Remote Buffer Overflow (1) - Multiple remote Exploit
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/64546

NetSupport Manager client buffer overflow CVE-2011-0404 Vulnerability Report
http://www.ikkisoft.com/stuff/netsupport_linux.txt

404 Not Found
Exploit
http://www.securitytracker.com/id?1024943

NetSupport Manager Agent Stack Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
http://osvdb.org/70408
http://www.exploit-db.com/exploits/16838

NetSupport Manager Agent - Remote Buffer Overflow (Metasploit) (2) - Linux remote Exploit
http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0090.html

Jump to