|
| Symantec Security Response http://securityresponse.symantec.com |
pcAnywhere Denial of Service
|
SARC Security Alert
DTD: 05 March, 2001
Subject:
pcAnywhere Denial of Service, abnormal server connection
Affected:
pcAnywhere v9.2x and v10.0
Problem:
A Denial of Service condition exists in the Symantec pcAnywhere remote control solution that can result in the pcAnywhere server becoming unable to accept remote connections.
Details:
When the socket upon which the pcAnywhere server is listening is fed an abnormal amount of random characters immediately upon connection, any further communications between any pcAnywhere client and the server is prevented. The server indicates continuing to listen for a connection but no longer accepts client connections until the server application is restarted.
Risk Impact:
Low Risk, prevents remote administration of affected host until pcAnywhere server application is restarted.
Solution:
Symantec has developed fixes for pcAnywhere v 9.x and 10.x for this issue. Patches have been posted to the following location for download and are to be included in the pcAnywhere LiveUpdate the week of 5-9 March:
Credit: Symantec wishes to thank the engineers at the Computer Incident Advisory Capability (CIAC), Lawrence Livermore National Labs for their excellent coordination in helping resolve this issue.
Copyright (c) 2001 by Symantec Corp.
Permission to redistribute this Bulletin electronically is granted as long as it is not edited in any way unless authorized by the SARC. Reprinting the whole or part of this Bulletin in medium other than electronically requires permission from Sym Security@symantec.com.
Disclaimer:
The information in the advisory is believed to be accurate at the time of printing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect or consequential loss or damage arising from use of, or reliance on this information.
Symantec and SARC and Sym Security are Registered Trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
Write-up by: Erick Bryant