CVE-2012-0292

The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00	Vendor Advisory
http://www.exploit-db.com/exploits/18493/	Exploit
http://www.securityfocus.com/bid/52094	Exploit
http://secunia.com/advisories/48092

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:pcanywhere:12.5.265:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.0:::::::*
	cpe:2.3:a:symantec:pcanywhere:10.5:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.0.1:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.0.2:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.5.539:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.5:::::::*
	cpe:2.3:a:symantec:pcanywhere:11.0.1:::::::*
	cpe:2.3:a:symantec:pcanywhere:11.5:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.5:sp1::::::
	cpe:2.3:a:symantec:pcanywhere:12.5:sp2::::::
	cpe:2.3:a:symantec:pcanywhere:12.1:::::::*
	cpe:2.3:a:symantec:pcanywhere:10.0:::::::*
	cpe:2.3:a:symantec:pcanywhere:12.5.3:::::::*
	cpe:2.3:a:symantec:pcanywhere:11.5.1:::::::*
	cpe:2.3:a:symantec:pcanywhere:11.0:::::::*
	cpe:2.3:a:symantec:pcanywhere::sp3::::::*
	cpe:2.3:a:symantec:pcanywhere:12.0.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:symantec:altiris_it_management_suite_pcanywhere_solution:7.0:::::::*
	cpe:2.3:a:symantec:altiris_it_management_suite_pcanywhere_solution:7.1:::::::*
	cpe:2.3:a:symantec:altiris_climentent_manage_suite_pcanywhere_solution:7.1:::::::*
	cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:7.0:::::::*
	cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:7.1:::::::*

Information

Published : 2012-03-07 20:15

Updated : 2018-01-05 18:29

NVD link : CVE-2012-0292

Mitre link : CVE-2012-0292

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

symantec

altiris_it_management_suite_pcanywhere_solution
altiris_client_management_suite_pcanywhere_solution
altiris_deployment_solution_remote_pcanywhere_solution
altiris_climentent_manage_suite_pcanywhere_solution
pcanywhere

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00", "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.exploit-db.com/exploits/18493/", "name": "18493", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/52094", "name": "52094", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/48092", "name": "48092", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-0292", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-03-08T04:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.5.265:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.5.539:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:11.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:11.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.5:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:11.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "12.5"}, {"cpe23Uri": "cpe:2.3:a:symantec:pcanywhere:12.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:altiris_it_management_suite_pcanywhere_solution:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_it_management_suite_pcanywhere_solution:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_climentent_manage_suite_pcanywhere_solution:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_client_management_suite_pcanywhere_solution:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:altiris_deployment_solution_remote_pcanywhere_solution:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-01-06T02:29Z"}

5.0 /10