Symantec pcAnywhere Privilege Escalation Vulnerability [بایگانی] - انجمن گروه آشیانه

توجه ! این یک نسخه آرشیو شده میباشد و در این حالت شما عکسی را مشاهده نمیکنید برای مشاهده کامل متن و عکسها بر روی لینک مقابل کلیک کنید : Symantec pcAnywhere Privilege Escalation Vulnerability

NI3

11-15-2003, 05:52 PM

TITLE:
Symantec pcAnywhere Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA10222

VERIFY ADVISORY:
[Only registered and activated users can see links]

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Symantec pcAnywhere 11.x
Symantec pcAnywhere 10.x

DESCRIPTION:
A vulnerability has been identified in Symantec pcAnywhere allowing
malicious, local users to escalate their privileges.

The vulnerability is a variant of a Windows vulnerability, which
previously has been fixed by Microsoft:
SA10066

The problem is that when Symantec pcAnywhere runs in "service-mode",
local users can interact with the AWHOST32 process through the icon
in the system tray. pcAnywhere runs with System privileges.

SOLUTION:
An update is available via LiveUpdate.

REPORTED BY / CREDITS:
KF

ORIGINAL ADVISORY:
Symantec pcAnywhere Service-Mode Help File Elevation of Privilege
[Only registered and activated users can see links]

OTHER REFERENCES:
SA10066:
[Only registered and activated users can see links]

----------------------------------------------------------------------