Vigil@nce: pcAnywhere, format string attack
March 2009 by Vigil@nce
A local attacker can generate a format string attack in pcAnywhere
in order to create a denial of service, and eventually to execute
code.
– Gravity: 2/4
– Consequences: privileged access/rights, denial of service of client
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 18/03/2009
IMPACTED PRODUCTS
– Symantec pcAnywhere
DESCRIPTION OF THE VULNERABILITY
The CHF file format describes a server where pcAnywhere can
connect.
When the CHF filename contains format strings (%n, %p, etc.), they
are interpreted by a function of the printf() family. A format
string attack thus occurs.
A local attacker can therefore invite the victim to open a
malicious file in order to create a denial of service, and
eventually to execute code.
CHARACTERISTICS
– Identifiers: BID-33845, CVE-2009-0538, SYM09-003,
VIGILANCE-VUL-8544
– Url: http://vigilance.fr/vulnerability/pcAnywhere-format-string-attack-8544