Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0624 -- [Win][UNIX/Linux] Symantec Enterprise Security Manager(TM) Race Condition Fix 30 August 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Symantec Enterprise Security Manager 6.0 and 6.5.x Publisher: Symantec Operating System: AIX HP-UX Linux variants Solaris Windows Impact: Denial of Service Access: Remote/Unauthenticated Original Bulletin: http://www.symantec.com/avcenter/security/Content/2006.08.21a.html - --------------------------BEGIN INCLUDED TEXT-------------------- 21 August 2006 Symantec Enterprise Security Manager(TM) Race Condition Fix Overview Symantec Enterprise Security Manager is susceptible to a race condition that can cause the application to lock up, resulting in a denial-of-service. Details A specially crafted invalid request can be sent to the manager server to simulate an ESM agent. This causes both the ESM manager and ESM agent to lock up, resulting in a denial-of-service. This issue affects all versions of ESM managers and agents. Manager and agent restarts are required to recover from an attack. Symantec response Symantec has released downloadable automated and manual fixes for most supported ESM managers and agents (see the list below). Complete instructions for automatically updating ESM agents and manually updating ESM managers and agents can be downloaded here ESM 6.0 Race Condition Fix http://www.symantec.com/avcenter/security/ESM/esmPU/ESM60RaceConditionFix.zip ESM 6.5 Race Condition Fix http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xRaceConditionFix.zip ESM Race Condition Fix Release Notes http://www.symantec.com/avcenter/security/ESM/esmPU/docs/ESMRaceConditionReleaseNotes.pdf NOTE: There was a minor issue with the fix packages that were initially posted on August 21, 2006; updated packages were posted on August 22, 2006 at 6:30 PM (Pacific Standard Time). If you downloaded the fixes prior to 6:30 PM (Pacific Standard Time) on August 22, 2006 and are having issues in updating your agents, Symantec recommends that you download the fix packages again. All other supported ESM platforms will have fixes available upon request. Please contact your sales representative to issue a request. To date, Symantec is not aware of any reported attempts to exploit this vulnerability. Vulnerable Products The following supported ESM agent and manager platforms have patches available for immediate download. The table also shows the location of the specific update file. ESM version 6.0 - ESM agent platform ESM agent update file Windows XP Professional SP2 (x86) ESM60RaceConditionFix\agent\wxp-ix86\esmagent.exe Windows Server 2003 Standard Edition SP1 (x86) ESM60RaceConditionFix\agent\w3s-ix86\esmagent.exe Windows Server 2003 Enterprise Edition SP1 (x86) ESM60RaceConditionFix\agent\w3s-ix86\esmagent.exe Windows 2000 (Professional, Server, Advanced Server) ESM60RaceConditionFix\agent\w2k-ix86\esmagent.exe Windows NT 4.0 ESM60RaceConditionFix\agent\nt-ix86\esmagent.exe Solaris 2.9 (SPARC) ESM60RaceConditionFix\agent\solaris-sparc\esmd AIX (4.3.1, 4.3.3, 5.1, 5.2) ESM60RaceConditionFix\agent\aix-rs6k\esmd Red Hat Enterprise Linux ES 3.0 (x86) ESM60RaceConditionFix\agent\lnx-x86\esmd HP-UX (10.20, 11.0, 11i) (PA-RISC) ESM60RaceConditionFix\agent\hpux-hppa\esmd ESM version 6.5.x - ESM agent platform ESM agent update file Windows XP Professional SP2 (x86) SM65RaceConditionFix\agent\wxp-ix86\esmagent.exe Windows Server 2003 Standard Edition SP1 (x86) ESM65RaceConditionFix\agent\w3s-ix86\esmagent.exe Windows Server 2003 Enterprise Edition SP1 (x86) ESM65RaceConditionFix\agent\w3s-ix86\esmagent.exe Windows Server 2003 (Itanium) ESM65xRaceConditionFix\agent\w3s-ia64\esmagent.exe Windows 2000 (Professional, Server, Advanced Server) ESM65RaceConditionFix\agent\w2k-ix86\esmagent.exe Solaris 2.9 (SPARC) ESM65RaceConditionFix\agent\solaris-sparc\esmd Solaris 2.10 (SPARC) ESM65RaceConditionFix\agent\solaris-sparc\esmd Solaris 2.10 (x86) ESM65xRaceConditionFix\agent\solaris-x86\esmd AIX 5L 5.3 (64-bit) ESM65xRaceConditionFix\agent\aix-ppc64\esmd AIX (5.1, 5.2) ESM65xRaceConditionFix\agent\aix-rs6k\esmd Red Hat Enterprise Linux ES 3.0 (x86) ESM65RaceConditionFix\agent\lnx-x86\esmd Red Hat Linux AS 3.0 64-bit (Itanium) ESM65xRaceConditionFix\agent\lnx-ia64\esmd Red Hat Enterprise Linux ES 4.0 Itanium ESM65xRaceConditionFix\agent\lnx-ia64\esmd Red Hat Linux AS 3.0 64-bit (Opteron and Xeon) ESM65RaceConditionFix\agent\lnx-x86\esmd Red Hat Linux WS 3.0 64-bit (Opteron and Xeon) ESM65RaceConditionFix\agent\lnx-x86\esmd Red Hat Enterprise Linux 4 ES (x86) ESM65RaceConditionFix\agent\lnx-x86\esmd Red Hat Enterprise Linux 4 AS (Xeon and Opteron) ESM65RaceConditionFix\agent\lnx-x86\esmd Red Hat Enterprise Linux (ES 2.1) ESM65RaceConditionFix\agent\lnx-x86\esmd SUSE Linux Enterprise Server 9 (x86) ESM65RaceConditionFix\agent\lnx-x86\esmd SUSE Linux Enterprise Server 9 (Itanium) ESM65xRaceConditionFix\agent\lnx-ia64\esmd HP-UX (11.0, 11.11i) (PA-RISC) ESM65xRaceConditionFix\agent\hpux-hppa\esmd HP-UX 11i v2 (Itanium) ESM65xRaceConditionFix\agent\hpux-ia64\esmd ESM version 6.0 - ESM manager platform ESM manager update file 6.0 Windows 2000 Professional SP1+ ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe Windows 2000 Server SP1+ ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe Windows 2000 Advanced Server SP1+ ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe Windows Server 2003 ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe Solaris 2.7 (SPARC) ESM60RaceConditionFix\manager\solaris-sparc\esmd Solaris 2.8 (SPARC) ESM60RaceConditionFix\manager\solaris-sparc\esmd Solaris 2.9 (SPARC) ESM60RaceConditionFix\manager\solaris-sparc\esmd HP-UX (10.20, 11.0, and 11.11) (PA-RISC) ESM60RaceConditionFix\manager\hpux-hppa\esmd AIX 4.3.1, 4.3.3 ESM60RaceConditionFix\manager\aix-rs6k\esmd AIX 5L 5.1 ESM60RaceConditionFix\manager\aix-rs6k\esmd AIX 5L 5.2 ESM60RaceConditionFix\manager\aix-rs6k\esmd ESM version 6.5.x - ESM manager platform ESM manager update file Windows 2000 Professional SP4+ ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe Windows 2000 Server SP4+ ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe Windows 2000 Advanced Server SP4+ ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe Windows Server 2003 ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe Solaris 2.7 (SPARC) ESM65RaceConditionFix\manager\solaris-sparc\esmd Solaris 2.8 (SPARC) ESM65RaceConditionFix\manager\solaris-sparc\esmd Solaris 2.9 (SPARC) ESM65RaceConditionFix\manager\solaris-sparc\esmd HP-UX 11.0 (PA-RISC) ESM65RaceConditionFix\manager\hpux-hppa\esmd HP-UX 11i v1 (11.11) (PA-RISC) ESM65RaceConditionFix\manager\hpux-hppa\esmd HP-UX 11.23 (PA-RISC) ESM65RaceConditionFix\manager\hpux-hppa\esmd AIX 5L 5.1 ESM65RaceConditionFix\manager\aix-rs6k\esmd AIX 5L 5.2 ESM65RaceConditionFix\manager\aix-rs6k\esmd Last modified on: Wednesday, 23-Aug-06 15:45:00 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRPTZGSh9+71yA2DNAQIfEAQAkK4+qhDP/EZTNRuIbFlmtkq6lpcjGZsB Rj8cFTjKPhIF3Kw7Pw9kbEz5WG9tA8cnYlhxw5pvYP+56NQdHrDbmF9G+02QoAVg QEgO6K26st/kvOvS7sc3DK2nxcskvRVQLlvrVVY750B265H6w5uvziB3FapbRJ8B NAhNGWxNzAA= =5/lJ -----END PGP SIGNATURE-----