Those dastardly folks of Anonymous undoubtedly have more history surrounding their hacking antics than we will probably ever know. It has only just come to light for Symantec that hackers related to the team stole source code from the 2006 versions of Symantec’s Norton products, including Antivirus Corporate Edition, Internet Security and SystemWorks.
What’s more alarming is that the theft was said to have occured in 2006. It wasn’t until the hackers mentioned having it this month in which they also expressed intent to release it publicly that Symantec went into red alert mode. As a result the company has quickly sent out a strong alert for all users of PCAnywhere in particular (including versions 12.0, 12.1 and 12.5), stating that there is a problem that might lead to remote code execution.
“Symantec was informed of remote code execution and local file tampering elevation of privilege issues impacting Symantec pcAnywhere. The remote code execution is the result of not properly validating/filtering external data input during login and authentication with Symantec pcAnywhere host services on 5631/TCP.”
Under normal installation and configuration in a network environment, access to this port should only be available to authorized network users. Successful exploitation would require either gaining unauthorized network access or enticing an authorized network user to run malicious code against a targeted system. Results could be a crash of the application or possibly successful arbitrary code execution in the context of the application on the targeted system.
Needless to say, if you are using PCAnywhere you should jump on this hotfix ASAP.
More info specific to Anonymous’ involvement can be read over at this page on Symantec’s website.
Kitguru says: And I’m sure this is only child’s play compared to what these guys still have on the cards.