Critical flaw discovered in Symantec's pcAnywhere
Symantec has issued a warning about a critical vulnerability in pcAnywhere, the remote control application for PCs. The vulnerability could allow an attacker to remotely inject code into a system running pcAnywhere and then run it with system privileges. This attack works because a service on TCP port 5631 allows user input during the authentication process which is not adequately checked.
According to Symantec, this port should, under normal conditions , only be reachable by authorised network users, so an attacker would have to first gain access to the network or another computer on the network to compromise other systems. In practice though, overly lax firewall configurations mean that such ports are always available somewhere on the internet.
Symantec is also correcting a vulnerability which meant that files installed during pcAnywhere's installation process were marked as writable by everyone. This would allow an unprivileged user with local access to overwrite these files, possibly with code which could grant elevated privileges.
Further details of the two holes are still being kept under wraps by Symantec and exploits are reportedly not in circulation. As the flaws were reported by security researchers Tad Seltzer (via ZDI) and Edward Torkington (of NGS Secure) it is probable that the discovery of the flaws is not related to the recent theft of source code for an older version of pcAnywhere.
pcAnywhere 12.5.x is vulnerable to the flaws, as are versions 7.0 and 7.1 of the company's IT Management Suite Solution. Symantec has released a hotfix which can be installed either manually or automatically with Symantec's LiveUpdate system.