You are here

U-088: Symantec pcAnywhere Bugs Let Remote Users Execute Arbitrary Code

January 25, 2012 - 6:00am

Addthis

PROBLEM:

A remote user can execute arbitrary code on the target system.

PLATFORM:

Version(s): 12.5 SP3; pcAnywhere Solutions 7.1 GA, SP 1, and SP 2

ABSTRACT:

Two vulnerabilities were reported in Symantec pcAnywhere. A remote user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

reference LINKS:

Symantec Advisory
Secunia Advisory
SecurityTracker Alert ID:102576

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can send specially crafted data to TCP port 5631 to trigger a but in the validation of authentication data and execute arbitrary code. CVE-2011-3919.

Some installation files are created as writable by everyone. A local user can modify the files and then potentially obtain elevated privileges.

Under normal installation and configuration in a network environment, access to this port should only be available to authorized network users. Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system.

Impact:

Privilege escalation and system access from local network.

Solution:

The vendor has issued a fix from Symantec support. The Live Update options is available to install this update.

At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks. (updated 1/31/2012)

Symantec has issued additional security reccomendations avaiable at Symantec.com. (updated 1/31/2012)

Addthis