Affected Product(s)
- Symantec pcAnywhere 12.5.x
- Symantec pcAnywhere 12.0.x, 12.1.x
- Symantec pcAnywhere Solution shipped with Altiris IT Management Suite 7.x 12.5.x, 12.6.x
- Symantec pcAnywhere Solution shipped with Altiris Client Management Suite 7.x 12.5.x, 12.6.x
- Remote pcAnywhere Solution shipped with Altiris Deployment Solution 7.112.5.x, 12.6.x
Symantec recommends users of pcAnywhere 12.5.x apply the pcAnywhere TECH179526 hotfix immediately.
Note: Symantec strongly recommends that users of pcAnywhere 12.0.x and 12.1.x upgrade to the latest supported version of pcAnywhere, 12.5.3, prior to applying the hotfix.
Details
Symantec was informed of remote code execution and local file tampering elevation of privilege issues impacting Symantec pcAnywhere. The remote code execution is the result of not properly validating/filtering external data input during login and authentication with Symantec pcAnywhere host services on 5631/TCP. Under normal installation and configuration in a network environment, access to this port should only be available to authorized network users. Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system.
Additionally, some files uploaded to the system during product installation are installed as writable by everyone and susceptible to file tampering. An authorized but unprivileged user with local access to a targeted host could potentially overwrite these files with code of their choice in an attempt to leverage elevated privileges.
For more details, please visit pcAnywhere Security Advisory webpage.
No comments:
Post a Comment