Vulnerability CVE-2012-0292


Published: 2012-03-07   Modified: 2012-03-08

Description:
The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
PCAnyWhere 12.5.0 build 463 Denial of Service
Johnathan Norman
09.03.2012

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Symantec -> Altiris client management suite pcanywhere solution 
Symantec -> Altiris climentent manage suite pcanywhere solution 
Symantec -> Altiris deployment solution remote pcanywhere solution 
Symantec -> Altiris it management suite pcanywhere solution 
Symantec -> Pcanywhere 

 References:
http://secunia.com/advisories/48092
http://www.exploit-db.com/exploits/18493/
http://www.securityfocus.com/bid/52094
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00

Copyright 2024, cxsecurity.com

 

Back to Top