pcAnywhere let anyone anywhere inject code into PCs

Symantec is urging users to patch pcAnywhere, its remote control application, following the discovery of a brace of serious security flaws. The most severe of the two holes allows hackers to remotely inject code into vulnerable systems - made possible because a service on TCP port 5631 permits a fixed-length buffer overflow …

COMMENTS

This topic is closed for new posts.

Sir

"weaponised into exploits by hackers"

I prefer the term haxsploited meself :)

Anyway, I always thought PCAnywhere was just the PC equivalent of X and inherently insecure.

Friday afternoon X wars were always a favourite - trying to sneak a few google eyes and cockroaches under the other guy's windows before he noticed and then hitting him with the script that filled his screen with ants and flying Santa Claus and snow etc.

Thems were the days.

Anonymous Coward

Who can remind me

Who can remind me why anyone uses this stuff rather than a well chosen free-to-use/open-source VNC-based equivalent?


Or indeed

Windows Remote Desktop?


I'll remind you

Back in the day, companies didn't have TCP/IP as it was hard to configure. Furthermore, setting up a Remote Access Server with Windows and TCP/IP was too hard for most companies.

PC Anywhere simply allowed you to slam an ISDN card or modem into your Server and dial it up with minimal configuration. It was, more or less, a plug and play solution. Plus it offered file transfers (sometimes limited in speed to a few hundred bytes per second) and a 1-Bit mode which reduced the image to black and white which really sped things up a lot.

Of course today there is little need for PC Anywhere. Everything it does can be done cheaper and more conveniently with other methods. I guess some companies just kept it installed. I'm sure there are still companies using it over ISDN.


VNC secure? That a joke?

VNC itself has almost no security whatsoever. In order to not give up pretty much everything to miscreants you have to tunnel it over SSH by yourself. (and hope you're not using one of the plethora of SSH versions with their own security holes)

It also doesn't have 1/10th the functionality that PCAW has.

That said, Symantec's decision to keep mum for 5 years about a serious breach of security-critical source code is outrageous, especially for a company which is now one of the top IT security product vendors in the world. (And I'm not just talking about Norton antivirus - Symantec took over Verisign's SSL business, a major security forum/mailing-list, and sells all sorts of corporate security products as well.)

Anonymous Coward

"r a company which is noT one of the top IT security product vendors in the world."

Fixed it for you.

Anonymous Coward

...and is this Windows only?

^^See title


Is this Windows only?

I do know the hotfix won't install on Linux...

"apply hotfix in TECH179526"

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

Anonymous Coward

Not a big deal for most

I doubt this is a real issue for most and the hotfix should eliminate the issue. Hopefully they nail a few more hackers trying to infiltrate.


Not a big deal

PC Anywhere is BANNED from use where I work, and the last place I worked, so this is not a problem for us.


InsecurITy software only used by out-of-school sysadmins

As Framitz indicates, most companies have banned PC Anywhere since the early DoS vulnerabilities:

http://www.cvedetails.com/vulnerability-list/vendor_id-76/product_id-423/Symantec-Pcanywhere.html

The current struggle is forcing off-shore support to stop infecting every server they touch with old versions of Dameware:

http://www.cvedetails.com/vulnerability-list/vendor_id-2014/Dameware-Development.html

Anonymous Coward

PC Anywhere Banned?

All non-approved remote access software is banned where I work. It's RDP, X, SSH, Proliant iLO or nothing.

To be honest, I used to work for a company in the days of NT4 and PCA was an essential product. MS released RDP for remote admin in Win2000, but what had actually killed PCA off for us was the then Compaq Lights Out board which was far more functional than any other remote access solution.


"This line of attack ought to be blocked by a properly configured firewall"

So it seems I know even less about firewalls than I thought. How does a firewall prevent a buffer overflow (in another app) through a TCP socket, except by closing the port? Any help?

And while I'm here "...to leverage this". I think the word you want is 'use'.


Same question here

"How does a firewall prevent a buffer overflow (in another app) through a TCP socket, except by closing the port? Any help?"

I think the news item writer might have blown it. Or, maybe I am missing something too.

You would have to do packet inspection that looked for the specific exploit to be able to block this. A regular firewall would either have the port wide open or would be port forwarding the packets blindly.


Your properly configured firewall...

...may be set up to filter on source of the port, via IP address, mac address, etc.


Re: How does a firewall prevent a buffer overflow

Hmmm, the way I read it, I thought it was by setting a max packet length:

iptables -A INPUT -p tcp --dport 5631 -m length --length $maxlength: -j DROP

Or something like that. But as the article says, it would be stupid to rely on this. I'm also wondering if commercial (hardware) firewall vendors would include this kind of fine grained rules per default. I somehow doubt it, but it would be interesting to ask.

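One way to write down both suggestions from this sub-thread (filter by source address, and drop oversized packets with the iptables length match) as a single ruleset for the pcAnywhere listener on TCP 5631. This is an added example, not something any commenter posted; the trusted management network 192.0.2.0/24, the 1024-byte ceiling and the DRY_RUN switch are constructed assumptions, and the script prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: builds an iptables ruleset for the pcAnywhere service on
# TCP 5631. It combines source-address filtering with the length match
# discussed above. DRY_RUN=1 (the default) only prints the commands;
# DRY_RUN=0 runs them, which needs root.

PCA_PORT=5631
# Constructed values: the only network allowed to reach the service, and
# the packet-size ceiling used by the crude length guard.
TRUSTED_NET="${TRUSTED_NET:-192.0.2.0/24}"
MAX_LEN="${MAX_LEN:-1024}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit (or apply) the three rules, most restrictive first so that the
# final ACCEPT only ever sees traffic that passed the earlier checks.
pca_rules() {
    # Anything not from the management network is dropped outright.
    run iptables -A INPUT -p tcp --dport "$PCA_PORT" ! -s "$TRUSTED_NET" -j DROP
    # Length guard: "MAX_LEN:" means MAX_LEN bytes and above, as in the
    # iptables length-match syntax, so oversized packets are dropped
    # even when they come from a trusted host.
    run iptables -A INPUT -p tcp --dport "$PCA_PORT" -m length --length "${MAX_LEN}:" -j DROP
    # What is left: trusted source, acceptable size, tracked connection.
    run iptables -A INPUT -p tcp --dport "$PCA_PORT" -s "$TRUSTED_NET" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
}

pca_rules
```

The first rule is the one that actually reduces exposure: a host that cannot open a connection to port 5631 cannot send the overflowing request at all. The length rule is only a heuristic. It caps the size of individual packets, not the number of bytes the service reads across a stream, so a request that overruns a fixed-length buffer can still arrive as several packets under the ceiling, which is the reason the thread says it would be stupid to rely on it. Applying the vendor hotfix remains the actual fix.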

Funny

How much easier it is with X and Linux. Used to use PC Anywhere a long time ago on Windows but it was slow as hell, mostly due to Windows I suppose.


It was slow when I used it...

...but that was over a dialup modem.

And that might not have been a fast one.

It was a cool program that allowed us to check the health of a factory at the other end of the UK without the required flights.

And secure too. The factory only plugged the modem into the phone line when we told them to.

Anonymous Coward

Mostly due to Windows and modem speed.

Used it a fair bit at my last job. When Symantec acquired Altiris, they made PCAnywhere the remote control agent for the deployment management suite. It put less load on the CPU of the local PC than the "emergency" remote solution which was directly implemented in the deployment console. Since the agent was sitting on the local net, PCAnywhere ran as quickly as any other remote solution we'd used in the past.

Anonymous Coward

Altiris?

*spit*

Nasty piece of crap. Can't stand it.

Or maybe it's just been set up to be aggressive by Global IT. Bloody GIT keeps scheduling intensive tasks (monthly virus scan, software audit etc) to trigger during the day, not at night when my PC is on and idle.


better off using sub7 or infector 1.7b anyway, with the startup folder way

Anonymous Coward

Hmmm

"Neither flaw has been weaponised into exploits by hackers, reckons Symantec"

Yet 5 days before the publication of the first advisory, an exploit to do with the login was being talked about in hacker circles and by Anonymous. So I would take Symantec's statement with a pinch of salt. The private 0-day exploit has been in use imo.
