Symantec Hit with Another Flaw

Thursday, January 26, 2012 @ 03:01 PM gHale

Symantec issued a warning about a critical vulnerability in pcAnywhere, the remote control application for PCs.

The vulnerability could allow an attacker to remotely inject code into a system running pcAnywhere and then run it with system privileges. This attack works because a service on TCP port 5631 allows user input during the authentication process which is not adequately checked.

Symantec Breach: Vulnerability Victims
Symantec Source Code Stolen in ‘06
Motivated Hacker Always Gets In
Steel Giant Hacked; Info Leaked
Symantec: Hackers got Some Code

This port should, under normal conditions, only be reachable by authorized network users, so an attacker would have to first gain access to the network or another computer on the network to compromise other systems, according to Symantec. In reality though, lax firewall configurations mean that such ports are always available somewhere on the Internet.

Symantec is also correcting a vulnerability which meant that files installed during pcAnywhere’s installation process ended up marked as writable by everyone. This would allow an unprivileged user with local access to overwrite these files, possibly with code that could grant elevated privileges.

Symantec is keeping further details of the two holes under wraps. Tad Seltzer (via ZDI) and Edward Torkington (of NGS Secure) reported the flaws so officials do not think this discovery relates to the theft of source code for an older version of pcAnywhere.

pcAnywhere 12.5.x is vulnerable to the flaws, as are versions 7.0 and 7.1 of the company’s IT Management Suite Solution.

Symantec released a hotfix which a user can install either manually or automatically with Symantec’s LiveUpdate system.

Leave a Reply

You must be logged in to post a comment.