Summary
This host is running Symantec pcAnywhere and is prone to remote code execution vulnerability.
Impact
Successful exploitation will allow attackers to cause buffer overflow condition or execute arbitrary code or cause a denial of service condition.
Impact Level: System/Application
Solution
Upgrade to Symantec pcAnywhere 12.5 SP4 or pcAnywhere Solution 12.6.7 or Apply Symantec hotfix TECH182142,
For updates refer to
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
Insight
The host services component 'awhost32' fails to filter crafted long login and authentication data sent on TCP port 5631, which could be exploited by remote attackers to cause a buffer overflow condition.
Affected
Symantec pcAnywhere version 12.5.x through 12.5.3
Symantec pcAnywhere Solution shipped with Altiris IT Management Suite 7.0 (12.5.x) Symantec pcAnywhere Solution shipped with Altiris IT Management Suite 7.1 (12.6.x)
References
- http://seclists.org/bugtraq/2012/Jan/154
- http://seclists.org/bugtraq/2012/Jan/161
- http://secunia.com/advisories/47744
- http://www.exploit-db.com/exploits/19407
- http://www.osvdb.org/78532
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00
- http://www.zerodayinitiative.com/advisories/ZDI-12-018
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3478, CVE-2011-3479, CVE-2012-0291, CVE-2012-0292 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
- Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerability (Win)
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Windows)
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities