PT-2012-2466 · Symantec · Pcanywhere+2

Published

2012-02-06

Updated

2018-01-06

CVE-2012-0290

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec pcAnywhere versions prior to 12.5.4 Altiris IT Management Suite pcAnywhere Solution versions 7.0 and 7.1 Altiris Client Management Suite pcAnywhere Solution versions 7.0 and 7.1 Altiris Deployment Solution Remote pcAnywhere Solution version 7.1

Description The issue arises from improper handling of the client state after an abnormal termination of a remote session. This allows remote attackers to gain access to the client by exploiting an "open client session."

Recommendations For Symantec pcAnywhere versions prior to 12.5.4, update to version 12.5.4 or later to resolve the issue. For Altiris IT Management Suite pcAnywhere Solution versions 7.0 and 7.1, update to a version that incorporates the fix for Symantec pcAnywhere. For Altiris Client Management Suite pcAnywhere Solution versions 7.0 and 7.1, update to a version that incorporates the fix for Symantec pcAnywhere. For Altiris Deployment Solution Remote pcAnywhere Solution version 7.1, update to a version that incorporates the fix for Symantec pcAnywhere.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2012-0290

Affected Products

Altiris Client Management Suite

Altiris Deployment Solution

Pcanywhere

PT-2012-2466 · Symantec · Pcanywhere+2

CVE-2012-0290

Related Identifiers

Affected Products

References · 5