CERT-MU Vulnerability Note
VN-2012-19
Symantec pcAnywhere / IT Management Suite Code Execution and Insecure Permission vulnerabilities
Original Issue Date:
January 25, 2012
Severity Rating: Medium
Systems Affected:
- Symantec Altiris IT ManagementSuite 7.x
- Symantec pcAnywhere 12.x
Description
Two vulnerabilities have been identified in Symantec pcAnywhere and IT Management Suite. These vulnerabilities can be exploited by remote attackers to conduct certain actions with elevated privileges and take full control of the vulnerable system. The vulnerabilities exist because of the following issues:
- The first vulnerability exists because of insecure file permissions on certain files. This error can allow remote attackers to modify or overwrite the files and gain escalated privileges.
- The second vulnerability occurs due to an input validation error residing within the login and authentication mechanism host services
Solution
Users are advised to apply updates.
More information is available on:
http://www.symantec.com/security_response/
Vendor Information
Symantec
www.symantec.com
CVE Information
CVE-2011-3478
CVE-2011-3479
Contact Information
Email:
Hotline:
800 2378
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis |
