SecurityTracker.com
Category:   Application (Generic)  >   pcAnywhere
Vendors:   Symantec
Symantec's pcAnywhere Can Be Crashed Remotely and May Allow Remote Execution of Arbitrary Code
SecurityTracker Alert ID:  1001030
SecurityTracker URL:  http://securitytracker.com/id/1001030
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 7 2001
Impact:   Denial of service via network, Execution of arbitrary code via network

Version(s): Version 9.2x and 10.0
Description:   CIAC Bulletin Number L-055 reports that there is a vulnerability in Symantec's pcAnywhere remote access product that allows an attacker to remotely crash the server and may allow an attacker to remotely execute arbitrary code on the server.

Sending an abnormal number of random characters to the pcAnywhere server port immediately after connecting to the port can cause the server's port to crash. In addition, the buffer overflow vulnerability may allow an attacker to remotely execute arbitrary code on the server.

For more information, see:
http://www.ciac.org/ciac/bulletins/l-055.shtml

Impact:   An unauthorized user can remotely cause the pcAnywhere server to crash and may be able to cause the server to execute arbitrary code.
Solution:   Symantec has reportedly developed fixes for pcAnywhere v 9.x and 10.x. These patches are available for download and will be included in the pcAnywhere LiveUpdate the week of 5-9 March.

pcA 9.x
http://www.symantec.com/techsupp/files/pca/pca9-9598nt.html

pcA 10.x
http://www.symantec.com/techsupp/files/pca/pca_10.html

Vendor URL:  service1.symantec.com/sarc/sarc.nsf/info/html/pcAnywhere.Denial.of.Service.html
Cause:   Boundary error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 6 Mar 2001 08:49:11 -0800 (PST)
Subject:  CIAC Bulletin L-055 pcAnywhere Denial of Service, abnormal server connection


[ For Public Release ]

             __________________________________________________________

                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

            pcAnywhere Denial of Service, abnormal server connection

March 5, 2001 22:00 GMT                                           Number L-055
______________________________________________________________________________
PROBLEM:       A software error exists in the Symantec pcAnywhere remote
               control solution.
PLATFORM:      pcAnywhere Version 9.x and 10.x 
DAMAGE:        An abnormal number of random characters sent to the pcAnywhere 
               listening port, immediately upon connection, causes 
               communications to fail. The server has to be restarted to clear 
               the port. The result is an immediate denial of service (DoS) to 
               the affected server.  The vulnerability has the potential to
               allow an intruder to run programs on a system.
SOLUTION:      Apply the patches as directed by the security alert. 
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. A buffer overflow capability was publicly 
ASSESSMENT:    announced.
______________________________________________________________________________

Background

CIAC received notice that a possible buffer overflow condition existed in
pcAnywhere, version 9.0, via use of a public script.  CIAC tested the script and
found that a communications lockup was created by use of the script.  CIAC
notified Symantec of the finding and how CIAC created the condition.

The notice also mentioned that this vulnerability is being examined to see if
it can be exploited remotely to run user programs on a system.

CIAC wishes to thank Symantec for its excellent response & communications in
resolving this security issue.

[******  Begin Symantec Security Alert ******]

http://www.ciac.org/ciac/bulletins/l-055.shtml

[******  End Symantec Security Alert ******]




 
 



Copyright 2013, SecurityGlobal.net LLC