Multiple vulnerabilities in Symantec pcAnywhere
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2011-3478 CVE-2011-3479 |
| CWE-ID | CWE-287 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
pcAnywhere Other software / Other software solutions |
| Vendor | Broadcom |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Authentication
EUVDB-ID: #VU44363
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-3478
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
MitigationInstall update from vendor's website.
Vulnerable software versionspcAnywhere: 12.5 - 12.6.7580
CPE2.3- cpe:2.3:a:broadcom:pcanywhere:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:pcanywhere:12.5.539:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:pcanywhere:12.6.65:*:*:*:*:*:*:*
http://osvdb.org/show/osvdb/78532
http://secunia.com/advisories/48092
http://www.securityfocus.com/bid/51592
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
http://www.zerodayinitiative.com/advisories/ZDI-12-018/
http://www.exploit-db.com/exploits/38599/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU44364
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2011-3479
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local #AU# to execute arbitrary code.
Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file.
MitigationInstall update from vendor's website.
Vulnerable software versionspcAnywhere: 12.5 - 12.6.7580
CPE2.3- cpe:2.3:a:broadcom:pcanywhere:12.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:pcanywhere:12.5.539:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:pcanywhere:12.6.65:*:*:*:*:*:*:*
http://secunia.com/advisories/48092
http://www.securityfocus.com/bid/51593
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
