[security-alerts] FW: [SA17797] Symantec pcAnywhere Buffer Overflow Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> Symantec pcAnywhere Buffer Overflow Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA17797
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/17797/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Symantec pcAnywhere 9.x
> http://secunia.com/product/592/
> Symantec pcAnywhere 11.x
> http://secunia.com/product/2539/
> Symantec pcAnywhere 10.x
> http://secunia.com/product/169/
> 
> DESCRIPTION:
> A vulnerability has been reported in Symantec pcAnywhere, which can
> be exploited by malicious people to cause a DoS (Denial of Service).
> 
> The vulnerability is caused due to an unspecified boundary error.
> This can be exploited to cause a buffer overflow prior to
> authentication, which causes the pcAnywhere component to crash.
> 
> The vulnerability has been reported in versions 11.0.1, 11.5.1, and
> all 32-bit versions. Prior non-supported versions may also be
> affected.
> 
> SOLUTION:
> Apply patches:
> 
> The vendor recommends that users of versions prior to 11.0.1 to
> upgrade to a supported version.
> 
> Symantec pcAnywhere (consumer versions):
> http://www.symantec.com/techsupp/files/pca/index.html
> 
> Symantec pcAnywhere (enterprise versions):
> http://www.symantec.com/techsupp/enterprise/products/spca/files.html
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Tal of See-Security technologies Ltd.
> 
> ORIGINAL ADVISORY:
> http://securityresponse.symantec.com/avcenter/security/Content
> /2005.11.29.html
> 
> ----------------------------------------------------------------------