Symantec Enterprise Security Manager Denial-of-Service

1118

06 March 2020

24 May 2007

CLOSED

MEDIUM

SUMMARY


Symantec Enterprise Security Manager (ESM) is susceptible to a race condition that can lead to a denial-of-service.

Risk Impact: Medium
Remote Access: Yes
Local Access: No
Authentication Required: No
Exploit publicly available: No


AFFECTED PRODUCTS


Vulnerable Products
Only the Windows managers and agents are susceptible to this vulnerability. The following supported ESM agent and manager platforms have patches available for immediate download.

ESM agent platform                                            ESM version
------------------------------------------------------------  ----------------------------------------
Windows XP Professional SP2 (x86)                             6.5.3 (2007/03/23), English Version only
Windows Server 2003 Standard Edition SP1 (x86, x64, ia64)
Windows Server 2003 Enterprise Edition SP1 (x86, x64, ia64)
Windows 2000 (Professional, Server, Advanced Server)

Windows 2000 Professional SP1+                                6.5.3 (2007/03/23), English Version only
Windows 2000 Server SP1+
Windows 2000 Advanced Server SP1+
Windows Server 2003


ISSUES


Details
The Symantec ESM manager and agent will hang, with nearly 100% CPU usage, after some network scans have contacted one of the ESM network ports. ESM misinterprets the scan traffic and becomes non-responsive, which results in a denial-of-service condition.

A restart of the manager or agent is required to restore ESM to a functional state.
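The symptom the advisory describes (a pegged CPU together with an ESM port that no longer answers) is something an operator can watch for from a monitoring host while the patch is being rolled out. The following is an added example written for this page, not Symantec code and not part of the original advisory. It assumes a manager port of 5600 (the advisory does not list ESM's port numbers, so treat that default as a placeholder) and takes the CPU reading from a caller-supplied function, because how you read a process's CPU usage is platform-specific (a performance counter on Windows, for instance). The decision logic only reports a state; whether to restart the manager or agent, as the advisory requires, remains the operator's call.

```python
import socket
import time

# Assumed values for illustration only; the advisory does not state ESM's
# port numbers. Set these for your own deployment.
ESM_MANAGER_HOST = "127.0.0.1"
ESM_MANAGER_PORT = 5600        # assumed manager port, not taken from the advisory
CPU_HUNG_THRESHOLD = 95.0      # percent; the advisory describes "nearly 100% CPU"
CONSECUTIVE_SAMPLES = 3        # how many consecutive bad samples before we call it hung


def probe_port(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout.

    A refused connection, a timeout, or any other socket error counts as
    'not responding'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(cpu_samples, port_ok_samples,
             cpu_threshold=CPU_HUNG_THRESHOLD, window=CONSECUTIVE_SAMPLES):
    """Combine the most recent CPU and port-probe samples into a health state.

    'hung'              CPU pegged and port unresponsive for `window` samples in a
                        row: the condition the advisory describes.
    'degraded'          only one of the two signals is bad over the window.
    'ok'                neither signal is bad.
    'insufficient-data' fewer than `window` samples available.
    """
    if len(cpu_samples) < window or len(port_ok_samples) < window:
        return "insufficient-data"
    recent_cpu = cpu_samples[-window:]
    recent_port = port_ok_samples[-window:]
    cpu_pegged = all(c >= cpu_threshold for c in recent_cpu)
    port_dead = not any(recent_port)
    if cpu_pegged and port_dead:
        return "hung"
    if cpu_pegged or port_dead:
        return "degraded"
    return "ok"


def monitor(cpu_reader, host=ESM_MANAGER_HOST, port=ESM_MANAGER_PORT,
            samples=CONSECUTIVE_SAMPLES, interval=5.0, timeout=2.0):
    """Take `samples` readings `interval` seconds apart and classify them.

    cpu_reader is a zero-argument callable returning the ESM process's CPU
    usage in percent; it is supplied by the caller because reading per-process
    CPU is platform-specific (e.g. a performance counter on Windows).
    """
    cpu_history, port_history = [], []
    for i in range(samples):
        cpu_history.append(float(cpu_reader()))
        port_history.append(probe_port(host, port, timeout))
        if interval and i < samples - 1:
            time.sleep(interval)
    return classify(cpu_history, port_history, window=samples)


if __name__ == "__main__":
    # Constructed demo: a fake CPU reader that always reports a pegged CPU.
    # With the manager port unreachable this reports "hung"; with it reachable
    # but the CPU pegged it reports "degraded".
    print(monitor(lambda: 99.0, interval=0.0))
```

One caveat worth knowing before relying on the port probe alone: a TCP connect can complete at the kernel level (the listen backlog accepts it) even when the process behind the socket is spinning, so a service that looks "up" to a plain connect may still be the hung process the advisory describes. That is why the check requires both signals over several consecutive samples; a stricter probe would need an application-level exchange on the ESM protocol, which this example does not attempt.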


MITIGATION


Symantec Response
Symantec has released downloadable automated and manual fixes for all supported vulnerable ESM managers and agents (see the list above).

To date, Symantec is not aware of any reported attempts to exploit this vulnerability.

For more information about installing or updating ESM components, see the Symantec Enterprise Security Manager Installation Guide.