Vigil@nce - Symantec pcAnywhere: denial of service of awhost32
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A network attacker can send malicious data to Symantec pcAnywhere,
in order to stop the awhost32 service.
Severity: 1/4
Creation date: 22/02/2012
IMPACTED PRODUCTS
– Symantec pcAnywhere
DESCRIPTION OF THE VULNERABILITY
The awhost32 service of Symantec pcAnywhere listens on port
5631/tcp.
An authentication is required to transmit data on this port.
However, if authentication messages are malformed, the awhost32
service stops (it is automatically restarted).
A network attacker can therefore send malicious data to Symantec
pcAnywhere, in order to stop the awhost32 service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Symantec-pcAnywhere-denial-of-service-of-awhost32-11385