SB2012012501 - Multiple vulnerabilities in Symantec pcAnywhere
Published: January 25, 2012 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper Authentication (CVE-ID: CVE-2011-3478)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2011-3479)
The vulnerability allows a local #AU# to execute arbitrary code.
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
Remediation
Install update from vendor's website.
References
- http://osvdb.org/show/osvdb/78532
- http://secunia.com/advisories/48092
- http://www.securityfocus.com/bid/51592
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
- http://www.zerodayinitiative.com/advisories/ZDI-12-018/
- https://www.exploit-db.com/exploits/38599/
- http://www.securityfocus.com/bid/51593