发布时间 :2003-12-15 00:00:00
修订时间 :2016-10-17 22:38:24

[原文]Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.

[CNNVD]Symantec PCAnywhere本地权限提升漏洞(CNNVD-200312-046)

        Symantec pcAnywhere是一款功能强大的远程控制软件。
        Symantec pcAnywhere的帮助接口存在权限控制问题,本地攻击者可以利用这个漏洞以SYSTEM权限执行任意指令。
        PCAnywhere以服务启动或设置成以窗口启动,攻击者可以通过帮助接口获得SYSTEM权限。Symantec pcAnywhere帮助功能调用Windows操作系统帮助函数的接口,由于Windows帮助函数在调用应用程序时没有降低权限,因此如果Symantec以服务方式启动时,攻击者如果调用帮助接口GUI,可搜索系统全部文件或者执行任意命令,把用户增加为管理员组。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:symantec:pcanywhere:10.5Symantec PCAnywhere 10.5
cpe:/a:symantec:pcanywhere:10.0Symantec PCAnywhere 10.0
cpe:/a:symantec:pcanywhere:11.0Symantec PCAnywhere 11.0

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit
(UNKNOWN)  BUGTRAQ  20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM

- 漏洞信息

Symantec PCAnywhere本地权限提升漏洞
高危 访问验证错误
2003-12-15 00:00:00 2005-10-20 00:00:00
        Symantec pcAnywhere是一款功能强大的远程控制软件。
        Symantec pcAnywhere的帮助接口存在权限控制问题,本地攻击者可以利用这个漏洞以SYSTEM权限执行任意指令。
        PCAnywhere以服务启动或设置成以窗口启动,攻击者可以通过帮助接口获得SYSTEM权限。Symantec pcAnywhere帮助功能调用Windows操作系统帮助函数的接口,由于Windows帮助函数在调用应用程序时没有降低权限,因此如果Symantec以服务方式启动时,攻击者如果调用帮助接口GUI,可搜索系统全部文件或者执行任意命令,把用户增加为管理员组。

- 公告与补丁


- 漏洞信息

Symantec pcAnywhere Privilege Escalation

- 漏洞描述

Symantec pcAnywhere version 10.x & 11.x contain a flaw that may lead to unauthorized privilege escalation. When pcAnywhere is run in "service-mode" malicious local users can interact with the AWHOST32 process through the icon in the system tray. By doing so they can escalate system privileges which may lead to a loss of confidentiality and system integrity.

- 时间线

2003-11-13 Unknow
Unknow Unknow

- 解决方案

Upgrade to current version available through the Symantec Live Update service, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Symantec PCAnywhere Privilege Escalation Vulnerability
Access Validation Error 9045
No Yes
2003-11-13 12:00:00 2009-07-12 12:56:00
Discovery of this vulnerability has been credited to KF <>.

- 受影响的程序版本

Symantec pcAnywhere 11.0
Symantec pcAnywhere 10.5
Symantec pcAnywhere 10.0

- 漏洞讨论

Symantec pcAnywhere can be installed as a service that listens for incoming connections from a remote administrator. Local unprivileged users have the ability to exercise some levels of control over the pcAnywhere server via the pcAnywhere icon that is visible in the systray on a Windows system.

Symantec pcAnywhere has been reported prone to a vulnerability that will allow a local unprivileged user to elevate system privileges. The issue is likely related to the vulnerability described in BID 8884. It has been reported that any local user may elevate local privileges by exploiting functionality provided by pcAnywhere help.

- 漏洞利用

There is no exploit required.

- 解决方案

Symantec have strongly recommended customers of supported versions of pcAnywhere to update to the latest LiveUpdate packages in order to prevent exploitation of this vulnerability.

- 相关参考