Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0624 -- [Win][UNIX/Linux]
Symantec Enterprise Security Manager(TM) Race Condition Fix
30 August 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Symantec Enterprise Security Manager 6.0 and 6.5.x
Publisher: Symantec
Operating System: AIX
HP-UX
Linux variants
Solaris
Windows
Impact: Denial of Service
Access: Remote/Unauthenticated
Original Bulletin:
http://www.symantec.com/avcenter/security/Content/2006.08.21a.html
- --------------------------BEGIN INCLUDED TEXT--------------------
21 August 2006
Symantec Enterprise Security Manager(TM) Race Condition Fix
Overview
Symantec Enterprise Security Manager is susceptible to a race
condition that can cause the application to lock up, resulting in a
denial-of-service.
Details
A specially crafted invalid request can be sent to the manager server
to simulate an ESM agent. This causes both the ESM manager and ESM
agent to lock up, resulting in a denial-of-service. This issue affects
all versions of ESM managers and agents. Manager and agent restarts
are required to recover from an attack.
Symantec response
Symantec has released downloadable automated and manual fixes for most
supported ESM managers and agents (see the list below). Complete
instructions for automatically updating ESM agents and manually
updating ESM managers and agents can be downloaded here
ESM 6.0 Race Condition Fix
http://www.symantec.com/avcenter/security/ESM/esmPU/ESM60RaceConditionFix.zip
ESM 6.5 Race Condition Fix
http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xRaceConditionFix.zip
ESM Race Condition Fix Release Notes
http://www.symantec.com/avcenter/security/ESM/esmPU/docs/ESMRaceConditionReleaseNotes.pdf
NOTE: There was a minor issue with the fix packages that were
initially posted on August 21, 2006; updated packages were posted on
August 22, 2006 at 6:30 PM (Pacific Standard Time). If you downloaded
the fixes prior to 6:30 PM (Pacific Standard Time) on August 22, 2006
and are having issues in updating your agents, Symantec recommends
that you download the fix packages again.
All other supported ESM platforms will have fixes available upon
request. Please contact your sales representative to issue a request.
To date, Symantec is not aware of any reported attempts to exploit
this vulnerability.
Vulnerable Products
The following supported ESM agent and manager platforms have patches
available for immediate download. The table also shows the location of
the specific update file.
ESM version 6.0 - ESM agent platform ESM agent update file
Windows XP Professional SP2 (x86)
ESM60RaceConditionFix\agent\wxp-ix86\esmagent.exe
Windows Server 2003 Standard Edition SP1 (x86)
ESM60RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows Server 2003 Enterprise Edition SP1 (x86)
ESM60RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows 2000 (Professional, Server, Advanced Server)
ESM60RaceConditionFix\agent\w2k-ix86\esmagent.exe
Windows NT 4.0
ESM60RaceConditionFix\agent\nt-ix86\esmagent.exe
Solaris 2.9 (SPARC)
ESM60RaceConditionFix\agent\solaris-sparc\esmd
AIX (4.3.1, 4.3.3, 5.1, 5.2)
ESM60RaceConditionFix\agent\aix-rs6k\esmd
Red Hat Enterprise Linux ES 3.0 (x86)
ESM60RaceConditionFix\agent\lnx-x86\esmd
HP-UX (10.20, 11.0, 11i) (PA-RISC)
ESM60RaceConditionFix\agent\hpux-hppa\esmd
ESM version 6.5.x - ESM agent platform ESM agent update file
Windows XP Professional SP2 (x86)
SM65RaceConditionFix\agent\wxp-ix86\esmagent.exe
Windows Server 2003 Standard Edition SP1 (x86)
ESM65RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows Server 2003 Enterprise Edition SP1 (x86)
ESM65RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows Server 2003 (Itanium)
ESM65xRaceConditionFix\agent\w3s-ia64\esmagent.exe
Windows 2000 (Professional, Server, Advanced Server)
ESM65RaceConditionFix\agent\w2k-ix86\esmagent.exe
Solaris 2.9 (SPARC)
ESM65RaceConditionFix\agent\solaris-sparc\esmd
Solaris 2.10 (SPARC)
ESM65RaceConditionFix\agent\solaris-sparc\esmd
Solaris 2.10 (x86)
ESM65xRaceConditionFix\agent\solaris-x86\esmd
AIX 5L 5.3 (64-bit)
ESM65xRaceConditionFix\agent\aix-ppc64\esmd
AIX (5.1, 5.2)
ESM65xRaceConditionFix\agent\aix-rs6k\esmd
Red Hat Enterprise Linux ES 3.0 (x86)
ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Linux AS 3.0 64-bit (Itanium)
ESM65xRaceConditionFix\agent\lnx-ia64\esmd
Red Hat Enterprise Linux ES 4.0 Itanium
ESM65xRaceConditionFix\agent\lnx-ia64\esmd
Red Hat Linux AS 3.0 64-bit (Opteron and Xeon)
ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Linux WS 3.0 64-bit (Opteron and Xeon)
ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Enterprise Linux 4 ES (x86)
ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Enterprise Linux 4 AS (Xeon and Opteron)
ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Enterprise Linux (ES 2.1)
ESM65RaceConditionFix\agent\lnx-x86\esmd
SUSE Linux Enterprise Server 9 (x86)
ESM65RaceConditionFix\agent\lnx-x86\esmd
SUSE Linux Enterprise Server 9 (Itanium)
ESM65xRaceConditionFix\agent\lnx-ia64\esmd
HP-UX (11.0, 11.11i) (PA-RISC)
ESM65xRaceConditionFix\agent\hpux-hppa\esmd
HP-UX 11i v2 (Itanium)
ESM65xRaceConditionFix\agent\hpux-ia64\esmd
ESM version 6.0 - ESM manager platform ESM manager update file
6.0 Windows 2000 Professional SP1+
ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Server SP1+
ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Advanced Server SP1+
ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Windows Server 2003
ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Solaris 2.7 (SPARC)
ESM60RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.8 (SPARC)
ESM60RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.9 (SPARC)
ESM60RaceConditionFix\manager\solaris-sparc\esmd
HP-UX (10.20, 11.0, and 11.11) (PA-RISC)
ESM60RaceConditionFix\manager\hpux-hppa\esmd
AIX 4.3.1, 4.3.3
ESM60RaceConditionFix\manager\aix-rs6k\esmd
AIX 5L 5.1
ESM60RaceConditionFix\manager\aix-rs6k\esmd
AIX 5L 5.2
ESM60RaceConditionFix\manager\aix-rs6k\esmd
ESM version 6.5.x - ESM manager platform ESM manager update file
Windows 2000 Professional SP4+
ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Server SP4+
ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Advanced Server SP4+
ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Windows Server 2003
ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Solaris 2.7 (SPARC)
ESM65RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.8 (SPARC)
ESM65RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.9 (SPARC)
ESM65RaceConditionFix\manager\solaris-sparc\esmd
HP-UX 11.0 (PA-RISC)
ESM65RaceConditionFix\manager\hpux-hppa\esmd
HP-UX 11i v1 (11.11) (PA-RISC)
ESM65RaceConditionFix\manager\hpux-hppa\esmd
HP-UX 11.23 (PA-RISC)
ESM65RaceConditionFix\manager\hpux-hppa\esmd
AIX 5L 5.1
ESM65RaceConditionFix\manager\aix-rs6k\esmd
AIX 5L 5.2
ESM65RaceConditionFix\manager\aix-rs6k\esmd
Last modified on: Wednesday, 23-Aug-06 15:45:00
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRPTZGSh9+71yA2DNAQIfEAQAkK4+qhDP/EZTNRuIbFlmtkq6lpcjGZsB
Rj8cFTjKPhIF3Kw7Pw9kbEz5WG9tA8cnYlhxw5pvYP+56NQdHrDbmF9G+02QoAVg
QEgO6K26st/kvOvS7sc3DK2nxcskvRVQLlvrVVY750B265H6w5uvziB3FapbRJ8B
NAhNGWxNzAA=
=5/lJ
-----END PGP SIGNATURE-----