Note -- this blog was updated on Feb 2, 2012 to highlight detection of the Symantec advisory SYM12-002 as well as new additional Nessus local checks to audit pcAnywhere installations.
With the recent news from Symantec that their source code theft has left pcAnywhere open to attack, it makes sense to audit your network for instances of this desktop sharing software.
Nessus has many checks that identify the presence of pcAnywhere, the type of network access supported by it, and some vulnerabilties in the application. A current list is shown below for reference:
- 10006 Symantec pcAnywhere Status Service Detection (UDP)
- 10794 Symantec pcAnywhere Detection (TCP)
- 10798 Symantec pcAnywhere Service Unrestricted Access
- 20743 Symantec pcAnywhere Launch with Windows Caller Properties Local Privilege Escalation
- 32133 Symantec pcAnywhere Access Server Detection Service
- 35976 Symantec pcAnywhere CHF File Pathname Format String Denial of Service
- 57795 Symantec pcAnywhere Installed (local check)
- 57796 Symantec pcAnywhere Multiple Vulnerabilitities (SYM12-002)