Symantec pcAnywhere (run on connect) privilege escalation

1063

06 March 2020

10 June 2005

CLOSED

MEDIUM

SUMMARY

 

Symantec pcAnywhere provides the option to run user-defined commands when the remote host is connected. Enabling the “Launch with Windows” option on the Host Properties Settings tab configures the pcAnywhere host to run as a service with Local System privileges.

AFFECTED PRODUCTS

 

Affected Products (Consumer and Enterprise versions)
Symantec pcAnywhere All unsupported versions prior to 10.5x
Symantec pcAnywhere version 10.5x
Symantec pcAnywhere version 11x

ADDITIONAL PRODUCT INFORMATION

 

Products Not Affected
Symantec pcAnywhere 11.5

Note: Only the Symantec products indicated above are potentially vulnerable. All other Symantec products are NOT affected.

ISSUES

 

A non-privileged user with physical access to the system can potentially manipulate the Caller Properties feature to run arbitrary commands that will be executed with system-level privileges when the system is restarted. This could potentially allow them to gain unauthorized Local System privileges on the targeted system.

MITIGATION

 

Symantec Response
Symantec has released a patch to address this issue. The patch can be downloaded from the Symantec technical support site. This patch ensures all commands launched through "Command to execute after connection" are launched within the scope of the logged-in user’s access rights.
Symantec is not aware of any active attempts against or organizations impacted by this issue.

Recommendations:
Patches for this issue can be downloaded from the following locations:

For consumer versions of Symantec pcAnywhere:
http://www.symantec.com/techsupp/files/pca/index.html

For enterprise versions of Symantec pcAnywhere:
http://www.symantec.com/techsupp/enterprise/products/spca/files.html

Select your supported version of Symantec pcAnywhere and follow the instructions to download the appropriate update.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up to date. Symantec strongly recommends that any affected customers update their product immediately to protect against these types of threats.