pcAnywhere let anyone anywhere inject code into PCs
Symantec plugs holes in desktop remote-control tool
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws.
The most severe of the two holes allows hackers to remotely inject code into vulnerable systems - made possible because a service on TCP port 5631 permits a fixed-length buffer overflow during the authentication process. This line of attack ought to be blocked by a properly configured firewall, but it'd be stupid to rely on that without patching vulnerable systems.
The other flaw relies on overwriting files installed by pcAnywhere in order to escalate a user's privileges, although miscreants will already need access to vulnerable system to do this.
Neither flaw has been weaponised into exploits by hackers, reckons Symantec. The security firm credits Edward Torkington (of NGS Secure) and independent security researcher Tad Seltzer with discovering the flaws.
pcAnywhere 12.5.x as well as versions 7.0 and 7.1 of Symantec's IT Management Suite Solution are vulnerable.
The discovery doesn't appear to be related to the recent much-publicised leak of the source code for an older version of pcAnywhere. Bugs discovered by that route would likely result in the immediate exploitation of unpatched flaws rather than responsible disclosure that takes weeks to coordinate, as is the case here.
Symantec published the patches on Tuesday, and they can be applied either manually or automatically using Symantec's LiveUpdate system. ®
COMMENTS
I'll remind you
Back in the day, companies didn't have TCP/IP as it was hard to configure. Furthermore setting up a Remote Access Server with Windows and TCP/IP was to hard for most companies.
PC Anywhere simply allowed you to slam an ISDN card or modem into your Server and dial it up with minimal configuration. It was, more or less, a plug and play solution. Plus it offered file transfers (sometimes limited in speed to a few hundred bytes per second) and a 1-Bit mode which reduced the image to black and white which really sped things up a lot.
Of course by today there is little need for PC Anywhere. Everything it does can be done cheaper and more convenient with other methods. I guess some companies just kept it installed. I'm sure there are still companies using it over ISDN.
Sir
"weaponised into exploits by hackers"
I prefer the term haxsploited meself :)
Anyway, I always thought PCAnwhere was just the PC equivalent of X and inherently insecure.
Friday afternoon X wars were always a favourite - trying to sneak a few google eyes and cockroaches under the other guys' windows before he noticed and then hitting him with the script that filled his screen with ants and flying santa claus and snow etc.
Thems were the days.
"This line of attack ought to be blocked by a properly configured firewall"
So it seems I know even less about firewalls than I thought. How does a firewall prevent a buffer overflow (in another app) through a tcp socket, except by closing the port? Any help?
And while I'm here "...to leverage this". I think the word you want is 'use'.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
