Symantec Enterprise Security Manager Denial-of-Service
1118
06 March 2020
24 May 2007
CLOSED
MEDIUM
SUMMARY
Symantec Enterprise Security Manager (ESM) is susceptible to a race condition that can lead to a denial-of-service.
Risk Impact
Medium
Remote Access: Yes
Local Access: No
Authentication Required: No
Exploit publicly available: No
AFFECTED PRODUCTS
Vulnerable Products
Only the Windows managers and agents are susceptible to this vulnerability. The following supported ESM agent and manager platforms have patches available for immediate download.
ESM agent platform | ESM version
Windows XP Professional SP2 (x86) | 6.5.3 (2007/03/23)
Windows 2000 Professional SP1+ | 6.5.3 (2007/03/23)
ISSUES
Details
The Symantec ESM manager and agent hang, consuming nearly 100% CPU, after certain network scans send traffic to one of the ESM listening ports. ESM misinterprets the unexpected input and stops responding, which results in a denial-of-service condition. Because no authentication is required, any host that can reach the ESM ports can trigger the hang.
A restart of the manager or agent is required to restore ESM to a functional state.
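The following is an added example written for this page, not Symantec's own tooling: it applies the symptom described above (sustained near-100% CPU on the ESM process while its port stops answering) to monitoring samples and reports which hosts need the restart the advisory calls for. The host names, the samples and the idea of a per-host application-level port probe are assumptions made for the example; they are not real ESM telemetry or documented ESM settings.

```python
"""Added example for this advisory: detect the hang symptom it describes.

This is example code written for this page, not Symantec's own tooling.
The advisory says a scanned ESM manager or agent hangs at nearly 100% CPU
and stops responding until restarted. The helper below applies that
description to monitoring samples and reports which hosts need a restart.
The host names and sample values are constructed for the example; they are
not real ESM telemetry.
"""
from dataclasses import dataclass


@dataclass
class Sample:
    """One observation of an ESM process on a host."""
    cpu_percent: float      # CPU use of the ESM manager/agent process
    port_responsive: bool   # did an application-level probe of its port get an answer?


def is_hung(samples, cpu_threshold=95.0, min_consecutive=3) -> bool:
    """Flag the advisory's symptom: sustained near-100% CPU while the ESM
    port no longer answers. Requiring several consecutive samples keeps a
    short, legitimate CPU spike (e.g. a policy run) from being reported."""
    run = 0
    for s in samples:
        if s.cpu_percent >= cpu_threshold and not s.port_responsive:
            run += 1
            if run >= min_consecutive:
                return True
        else:
            run = 0
    return False


def hosts_needing_restart(observations: dict) -> list:
    """Given {host: [Sample, ...]}, return the hosts showing the hang,
    sorted so the report is stable."""
    return sorted(h for h, samples in observations.items() if is_hung(samples))


# Constructed sample data (assumption, not real ESM output):
# - esm-mgr-01:   healthy, one brief spike while still answering its port
# - esm-agent-07: pegged CPU and dead port after a scan, as the advisory describes
# - esm-agent-12: high CPU but still answering, so not the documented hang
OBSERVATIONS = {
    "esm-mgr-01":   [Sample(12.0, True), Sample(99.0, True), Sample(15.0, True),
                     Sample(18.0, True)],
    "esm-agent-07": [Sample(10.0, True), Sample(98.0, False), Sample(99.5, False),
                     Sample(100.0, False), Sample(99.8, False)],
    "esm-agent-12": [Sample(97.0, True), Sample(98.0, True), Sample(99.0, True),
                     Sample(99.0, True)],
}

if __name__ == "__main__":
    for host in hosts_needing_restart(OBSERVATIONS):
        print(f"{host}: ESM process hung, restart required")
```

One caveat when feeding this with real probes: a plain TCP connect can still succeed against a hung process, because the kernel completes the handshake from the listen backlog before the application ever reads the socket. The `port_responsive` flag should therefore come from a probe that waits for an application-level reply, or from the ESM console's own agent status, not from a bare port scan (which, per the advisory, is itself what triggers the condition).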
MITIGATION
Symantec Response
Symantec has released downloadable automated and manual fixes for all supported vulnerable ESM managers and agents (see the list above).
To date, Symantec is not aware of any reported attempts to exploit this vulnerability.
For more information about installing or updating ESM components, see the Symantec Enterprise Security Manager Installation Guide.