Support Content Notification - Support Portal

Symantec Enterprise Security Manager Denial-of-Service

Product/Component

Notification Id

1118

Last Updated

06 March 2020

Initial Publication Date

24 May 2007

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

WorkAround

Affected CVE

SUMMARY

Symantec Enterprise Security Manager (ESM) is susceptible to a race condition that can lead to a denial-of-service.

Risk Impact
Medium

Remote Access	Yes
Local Access	No
Authentication Required	No
Exploit publicly available	No

AFFECTED PRODUCTS

Vulnerable Products
Only the Windows managers and agents are susceptible to this vulnerability. The following supported ESM agent and manager platforms have patches available for immediate download.

ESM agent platform	ESM version
Windows XP Professional SP2 (x86) Windows Server 2003 Standard Edition SP1 (x86, x64, ia64) Windows Server 2003 Enterprise Edition SP1 (x86, x64, ia64) Windows 2000 (Professional, Server, Advanced Server)	6.5.3 (2007/03/23) English Version only
Windows 2000 Professional SP1+ Windows 2000 Server SP1+ Windows 2000 Advanced Server SP1+ Windows Server 2003	6.5.3 (2007/03/23) English Version only

ISSUES

Details
The Symantec ESM manager and agent will hang, with nearly 100% CPU usage, after some network scans have contacted one of the ESM network ports. ESM misinterprets this information and becomes non-responsive. This leads to a Denial of Service condition.

A restart of the manager or agent is required to restore ESM to a functional state.

MITIGATION

Symantec Response
Symantec has released downloadable automated and manual fixes for all supported vulnerable ESM managers and agents (see the list above).

To date, Symantec is not aware of any reported attempts to exploit this vulnerability.

For more information about installing or updating ESM components see the Symantec Enterprise Security Manager Installation Guide