The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of pcAnywhere

computer vulnerability CVE-2012-0292

Symantec pcAnywhere: denial of service of awhost32

Synthesis of the vulnerability

A network attacker can send malicious data to Symantec pcAnywhere, in order to stop the awhost32 service.
Impacted products: pcAnywhere.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 22/02/2012.
Identifiers: BID-52094, CVE-2012-0292, SYM12-003, TECH182142, VIGILANCE-VUL-11385.

Description of the vulnerability

The awhost32 service of Symantec pcAnywhere listens on port 5631/tcp.

Authentication is required before data can be transmitted on this port. However, if the authentication messages are malformed, the awhost32 service stops (it is automatically restarted).

A network attacker can therefore send malicious data to Symantec pcAnywhere, in order to stop the awhost32 service.

computer vulnerability bulletin CVE-2011-3478 CVE-2011-3479 CVE-2012-0290

Symantec pcAnywhere: code execution

Synthesis of the vulnerability

A local or remote attacker can use several vulnerabilities of Symantec pcAnywhere, in order to execute privileged code on the system.
Impacted products: pcAnywhere.
Severity: 3/4.
Consequences: administrator access/rights, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 25/01/2012.
Revision dates: 06/02/2012, 14/02/2012.
Identifiers: BID-51592, BID-51593, BID-51862, BID-51965, CERTA-2012-AVI-032, CVE-2011-3478, CVE-2011-3479, CVE-2012-0290, CVE-2012-0291, NGS00117, NGS00118, SYM12-002, TECH179526, TECH179960, TECH180472, VIGILANCE-VUL-11318, ZDI-12-018.

Description of the vulnerability

Several vulnerabilities were announced in Symantec pcAnywhere.

A remote attacker can connect to port 5631/tcp and send a long username, which triggers a buffer overflow, in order to execute code with System privileges. [severity:3/4; BID-51592, CERTA-2012-AVI-032, CVE-2011-3478, NGS00118, ZDI-12-018]

During the product installation, some files are installed as writable by all users. A local attacker can therefore insert a trojan horse in a file, in order to execute code with System privileges. [severity:3/4; BID-51593, CVE-2011-3479, NGS00117]

When a victim is connected, an attacker could create an exception, which closes the remote connection, but leaves the session open. An attacker can then connect to this session, in order to access the victim's data. [severity:3/4; BID-51862, CVE-2012-0290]

An attacker can send malformed data, in order to block or to stop the application. [severity:2/4; BID-51965, CVE-2012-0291]

A local or remote attacker can therefore use several vulnerabilities of Symantec pcAnywhere, in order to execute privileged code on the system.

vulnerability note CVE-2009-0538

pcAnywhere: format string attack

Synthesis of the vulnerability

A local attacker can generate a format string attack in pcAnywhere in order to create a denial of service, and possibly to execute code.
Impacted products: pcAnywhere.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on client.
Provenance: user shell.
Creation date: 18/03/2009.
Identifiers: BID-33845, CERTA-2009-AVI-108, CVE-2009-0538, SYM09-003, VIGILANCE-VUL-8544.

Description of the vulnerability

The CHF file format describes a server where pcAnywhere can connect.

When the CHF filename contains format specifiers (%n, %p, etc.), they are interpreted by a function of the printf() family. A format string attack thus occurs.

A local attacker can therefore invite the victim to open a malicious file in order to create a denial of service, and possibly to execute code.

computer vulnerability CVE-2007-2619

pcAnywhere: credential disclosure

Synthesis of the vulnerability

A local administrator can obtain authentication credentials of users who connected to pcAnywhere.
Impacted products: pcAnywhere.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 10/05/2007.
Identifiers: BID-23875, CVE-2007-2619, SYM07-006, VIGILANCE-VUL-6805.

Description of the vulnerability

When a remote user connects to Symantec pcAnywhere, the authentication credentials he provides are stored in memory in order to check his access rights.

However, these credentials are not deleted once they are no longer necessary. A local administrator can therefore dump memory and thus obtain the user's credentials.

It can be noted that the severity of this vulnerability is very low.

vulnerability alert CVE-2006-3784 CVE-2006-3785 CVE-2006-3786

PcAnywhere: privilege elevation

Synthesis of the vulnerability

A local attacker can replace the host file of CallerID authentication in order to elevate his privileges.
Impacted products: pcAnywhere.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/07/2006.
Identifiers: BID-19059, CVE-2006-3784, CVE-2006-3785, CVE-2006-3786, VIGILANCE-VUL-6021.

Description of the vulnerability

Authentication to PcAnywhere can use several methods:
 - CallerID
 - PcAnywhere server
 - Active Directory

The CallerID authentication uses a CIF file containing information on users and a flag indicating whether they are administrators. This file is located in the \Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\Hosts directory.

However:
 - this directory is writable by all users
 - the CIF file is not tied to the computer
An attacker can thus create, on another computer, a file declaring an administrator, and use it to replace the file located in the writable directory.

This vulnerability therefore permits a local attacker to obtain administrator privileges.

vulnerability announce CVE-2005-3934

pcAnywhere: denial of service with a buffer overflow

Synthesis of the vulnerability

A network attacker can generate an overflow that causes pcAnywhere to stop.
Impacted products: pcAnywhere.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 30/11/2005.
Identifiers: 2005.11.29, BID-15646, CVE-2005-3934, SYM05-026, VIGILANCE-VUL-5382.

Description of the vulnerability

Symantec announced a buffer overflow in pcAnywhere.

This overflow occurs before authentication and causes pcAnywhere to stop. Its technical details are unknown.

This vulnerability permits a network attacker to conduct a denial of service.

vulnerability note CVE-2005-1970

pcAnywhere: privilege elevation

Synthesis of the vulnerability

A local attacker can have commands executed with system privileges.
Impacted products: pcAnywhere.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user console.
Creation date: 28/06/2005.
Identifiers: BID-13933, CVE-2005-1970, V6-PCANYWHERERUNONCON, VIGILANCE-VUL-5034.

Description of the vulnerability

The "Launch with Windows" feature defines commands to run at logon. These commands are handled by a service running with Local System privileges.

However, this service does not correctly filter requests received from the local machine itself.

A local attacker can thus ask the service to execute commands with system privileges.