Symantec Enterprise Security Manager Denial-of-Service
1100
06 March 2020
18 August 2006
CLOSED
MEDIUM
SUMMARY
Symantec Enterprise Security Manager is susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service.
Risk Impact
Medium
Remote | Yes
Local | No
Authentication Required | No
Exploit publicly available | No
AFFECTED PRODUCTS
Vulnerable Products
The following supported ESM agent and manager platforms have patches available for immediate download.
ESM agent platform | ESM version
Windows XP Professional SP2 (x86) | 6.0
Windows XP Professional SP2 (x86) | 6.5.x
ESM manager platform | ESM version
Windows 2000 Professional SP1+ | 6.0
Windows 2000 Professional SP4+ | 6.0
ADDITIONAL PRODUCT INFORMATION
The following supported ESM agent and manager platforms will have fixes available upon request. Please contact your sales representative to issue a request.
ESM agent platform | ESM version
Windows XP Professional w/SP1 (x86) | 6.0 - 6.5.x
ESM manager platform | ESM version
Windows NT 4.0 Workstation w/SP6a+ |
ISSUES
Details
A specially crafted invalid request can be sent to the manager server to simulate an ESM agent. This causes both the ESM manager and ESM agent to lock up, resulting in a denial-of-service. This issue affects all versions of ESM managers and agents. Manager and agent restarts are required to recover from an attack.
MITIGATION
Symantec Response
Symantec has released downloadable automated and manual fixes for many supported ESM managers and agents (see the list above). All other supported ESM platforms will have fixes available upon request. Please contact your sales representative to issue a request.
To date, Symantec is not aware of any reported attempts to exploit this vulnerability.
For information about downloading and installing updates for this issue, see the product advisory located here. For more information about installing or updating ESM components, see the Symantec Enterprise Security Manager Installation Guide.
ACKNOWLEDGEMENTS
Symantec thanks Anthony Bettini of McAfee, Inc. for informing Symantec of this issue.