1 reply to this topic

[AplusWebMaster]

FYI...

Symantec pcAnywhere update
- https://secunia.com/advisories/47744/
Last Update: 2012-01-26
Criticality level: Moderately critical
Impact: Privilege escalation, System access
Where: From local network
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2011-3478 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2011-3479 - 4.3
... exploitation of this vulnerability may allow execution of arbitrary code.
The security issue and the vulnerability are reported in the following products:
Symantec pcAnywhere version 12.5.x, Symantec Altiris IT Management Suite version 7.0, Symantec Altiris IT Management Suite version 7.1
Solution: Apply hotfix TECH179526.
Original Advisory: Symantec:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
Jan 24, 2012 - SYM12-002 - Severity: High

pcAnywhere hotfix - Article: TECH179526
- http://www.symantec....t&id=TECH179526
Updated: 2012-01-25 - "... Symantec pcAnywhere 12.5.x users should upgrade to the latest supported version, 12.5.3, prior to applying the hotfix or reapply the hotfix once they upgrade to the 12.5.3 version."
___

- http://www.securityt....com/id/1026576
Updated: Jan 25 2012

Edited by AplusWebMaster, 27 January 2012 - 07:32 AM.

[AplusWebMaster]

FYI...

pcAnywhere users – patch now!
- https://isc.sans.edu...l?storyid=12463
Last Updated: 2012-01-25 22:24:12 UTC - "Symantec released a patch for pcAnywhere products that fixes couple of vulnerabilities, among which the most dangerous one allows remote code execution... for last couple of weeks there have been a lot of rumors about source code of several Symantec’s products that got stolen by yet unknown hackers. Besides a post that listed file names nothing else has been released in public yet, as far as we know... if you are a pcAnywhere user – PATCH NOW.
Update:
And a short update: according to DShield data it appears that someone started scanning around for services on port 5631 (pcAnywhere). While the number of sources is still relatively low (indicating a single scanner, or a small number of them), the number of targets is pretty high. See for yourself here*."
* https://isc.sans.edu....html?port=5631

pcAnywhere hotfix - Article: TECH179526
- http://www.symantec....t&id=TECH179526
Updated: 2012-01-26
- http://clientui-kb.s...=&id=TECH179526
Updated: 2012-01-28 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2
Updated: 2012-01-30 - Technical Solution for pcAnywhere 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2 ...
Updated: 2012-02-02 - Technical Solution for pcAnywhere 12.0 12.5 12.5 SP3, pcAnywhere Solution 12.5 12.6 12.6.2

Edited by AplusWebMaster, 07 February 2012 - 09:15 PM.