The Inquirer-Home

Symantec warns about PCanywhere and Anonymous

PCanywhere users at ‘increased risk’ of attack
Wed Jan 25 2012, 15:27

SECURITY FIRM Symantec has issued an alert about its PCanywhere software, and warned enterprises to use it only for business critical purposes.

The firm has told users about a problem that might lead to remote code execution and recommended a hot fix.

"Symantec PCanywhere is susceptible to local file tampering elevation of privilege attempts and remote code execution attempts," is the official line from the firm.

"It is possible to run arbitrary code on a targeted system in the context of the application which is normally System."

A hot fix is available now and users are advised to fix the problem right away in order to avoid someone injecting a script into their computer and seizing control of it.

The remote code execution is enabled through the improper validation or filtering of external data input during login and authentication with Symantec PCanywhere host services on TCP port 5631, Symantec explained.

"Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system," it added.

The company did not say it, but it is possible that the vulnerability could present an opportunity to hackers that support the Anonymous group, which earlier claimed to have source code belonging to it.

In a statement called "Claims by Anonymous" that Symantec uses to hopefully dispel myths about the attacks, it said that PCanywhere users were at some increased risk after the theft.

"Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product," it said.

"Symantec recommends that customers follow general security best practices, as well as configuring pcAnywhere in a way that minimizes potential risks. Symantec also recommends that customers only use pcAnywhere for business critical purposes."

Anonymousabu, one of the more vocal of those associated with Anonymous, greeted the news with grim humour. "They're upset we reverse engineered their client to bypass authentication and are taking over corp pcanywhere servers," he said. "LOL." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015