vulnerability CVE-2012-0292

Symantec pcAnywhere: denial of service of awhost32

Synthesis of the vulnerability

A network attacker can send malicious data to Symantec pcAnywhere, in order to stop the awhost32 service.

Severity: 1/4. Creation date: 22/02/2012.

Impacted products

• Symantec pcAnywhere

Description of the vulnerability

The awhost32 service of Symantec pcAnywhere listens on port 5631/tcp. An authentication is required to transmit data on this port. However, if authentication messages are malformed, the awhost32 service stops (it is automatically restarted). A network attacker can therefore send malicious data to Symantec pcAnywhere, in order to stop the awhost32 service.

Share this bulletin

Complete Vigil@nce bulletin

Symantec pcAnywhere: denial of service of awhost32

Characteristics

Title: Symantec pcAnywhere: denial of service of awhost32. Keywords: 5631 Symantec awhost32 denial pcAnywhere service. Identifiers: BID-52094, CVE-2012-0292, SYM12-003, TECH182142, VIGILANCE-VUL-11385.

Information sources

Publications and announces Source example: Symantec pcAnywhere awhost32 Denial of Service

Solutions for this vulnerability

Patch or workaround

Supplements

Attack Exploit 0day or proof of concept

Computer vulnerabilities tracking service

Vigil@nce provides an application vulnerability watch. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.