CERT-MU Vulnerability Note
Symantec pcAnywhere / IT Management Suite Code Execution and Insecure Permission vulnerabilities
Original Issue Date:
January 25, 2012
Severity Rating: Medium
- Symantec Altiris IT ManagementSuite 7.x
- Symantec pcAnywhere 12.x
Two vulnerabilities have been identified in Symantec pcAnywhere and IT Management Suite. These vulnerabilities can be exploited by remote attackers to conduct certain actions with elevated privileges and take full control of the vulnerable system. The vulnerabilities exist because of the following issues:
- The first vulnerability exists because of insecure file permissions on certain files. This error can allow remote attackers to modify or overwrite the files and gain escalated privileges.
- The second vulnerability occurs due to an input validation error residing within the login and authentication mechanism host services
Users are advised to apply updates.
More information is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street