PT-2006-4644 · Symantec · Pcanywhere

Root

Publicado

2006-07-21

Atualizado

2018-10-17

CVE-2006-3784

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec pcAnywhere version 12.5

Description The issue allows local users to gain privileges by inserting a superuser .cif file into the "SymantecpcAnywhereHosts" folder, and then using a pcAnywhere client to login as a local administrator. This is due to weak default permissions for the folder.

Recommendations For Symantec pcAnywhere version 12.5, consider changing the default permissions of the "SymantecpcAnywhereHosts" folder to prevent local users from inserting malicious .cif files. As a temporary workaround, restrict access to the folder and monitor for any suspicious activity.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-3784

Produtos afetados

Pcanywhere

PT-2006-4644 · Symantec · Pcanywhere

CVE-2006-3784

Identificadores relacionados

Produtos afetados

Referências · 6