|| Hotline : 800 2378 ||  To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu ||  To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||
    Constituency
    Authority
   Vol.3, Issue 1
   Vol.2, Issue 3
   Vol.2, Issue 2
   Vol.2, Issue 1
   Vol.1, Issue 1
    World CERTs
    Email Abuse
 
Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University
 
 
 
 
 
 
 
 
 
 


   
 

CERT-MU Vulnerability Note VN-2012-19

Symantec pcAnywhere / IT Management Suite Code Execution and Insecure Permission vulnerabilities

Original Issue Date: January 25, 2012

Severity Rating: Medium

Systems Affected:

  • Symantec Altiris IT ManagementSuite 7.x
  • Symantec pcAnywhere 12.x

Description

Two vulnerabilities have been identified in Symantec pcAnywhere and IT Management Suite. These vulnerabilities can be exploited by remote attackers to conduct certain actions with elevated privileges and take full control of the vulnerable system. The vulnerabilities exist because of the following issues:

  • The first vulnerability exists because of insecure file permissions on certain files. This error can allow remote attackers to modify or overwrite the files and gain escalated privileges.
  • The second vulnerability occurs due to an input validation error residing within the login and authentication mechanism host services

Solution

Users are advised to apply updates.

More information is available on:

http://www.symantec.com/security_response/

Vendor Information

Symantec

www.symantec.com

CVE Information

CVE-2011-3478

CVE-2011-3479

References

Secunia

http://secunia.com/advisories/47744

Symantec

http://www.symantec.com/security_response/

Security Tracker

http://www.securitytracker.com/id/1026576

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact  Information

Email:

Hotline:

800 2378

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis

 
 
News & Events
Computer Security Day 2012
Awareness sessions in State Secondary Schools
Workshop on Mobile Hacking
Safer Internet Day 2012
Computer Security Day 2011
Workshop on Cloud Security
 
  more...
 
Virus Alerts
RSS Feed
 
 
 

Last Updated 20-Jul-2012
Disclaimer Maintained & Hosted by NCB
This site is best viewed in 1024 x 768 resolution. Internet Explorer 6.0 +