=====================================================================
                             CERT-Renater

                  Information Note No. 2006/VULN473
_____________________________________________________________________

DATE                 : 31/08/2006

HARDWARE PLATFORM(S) :

OPERATING SYSTEM(S)  : Systems running Symantec Enterprise Security Manager.

======================================================================

21 August 2006

Symantec Enterprise Security Manager(TM) Race Condition Fix

Overview

Symantec Enterprise Security Manager is susceptible to a race condition
that can cause the application to lock up, resulting in a
denial-of-service.

Details

A specially crafted invalid request can be sent to the manager server to
simulate an ESM agent. This causes both the ESM manager and ESM agent to
lock up, resulting in a denial-of-service.

This issue affects all versions of ESM managers and agents. Manager and
agent restarts are required to recover from an attack.

Symantec response

Symantec has released downloadable automated and manual fixes for most
supported ESM managers and agents (see the list below).

Complete instructions for automatically updating ESM agents and manually
updating ESM managers and agents can be downloaded here:

ESM 6.0 Race Condition Fix
http://www.symantec.com/avcenter/security/ESM/esmPU/ESM60RaceConditionFix.zip

ESM 6.5 Race Condition Fix
http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xRaceConditionFix.zip

ESM Race Condition Fix Release Notes
http://www.symantec.com/avcenter/security/ESM/esmPU/docs/ESMRaceConditionReleaseNotes.pdf

NOTE: There was a minor issue with the fix packages that were initially
posted on August 21, 2006; updated packages were posted on August 22,
2006 at 6:30 PM (Pacific Standard Time). If you downloaded the fixes
prior to 6:30 PM (Pacific Standard Time) on August 22, 2006 and are
having issues in updating your agents, Symantec recommends that you
download the fix packages again.

All other supported ESM platforms will have fixes available upon request.
Please contact your sales representative to issue a request.

To date, Symantec is not aware of any reported attempts to exploit this
vulnerability.

Vulnerable Products

The following supported ESM agent and manager platforms have patches
available for immediate download. The table also shows the location of
the specific update file.

ESM version 6.0 - ESM agent

ESM agent platform                                    ESM agent update file
Windows XP Professional SP2 (x86)                     ESM60RaceConditionFix\agent\wxp-ix86\esmagent.exe
Windows Server 2003 Standard Edition SP1 (x86)        ESM60RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows Server 2003 Enterprise Edition SP1 (x86)      ESM60RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows 2000 (Professional, Server, Advanced Server)  ESM60RaceConditionFix\agent\w2k-ix86\esmagent.exe
Windows NT 4.0                                        ESM60RaceConditionFix\agent\nt-ix86\esmagent.exe
Solaris 2.9 (SPARC)                                   ESM60RaceConditionFix\agent\solaris-sparc\esmd
AIX (4.3.1, 4.3.3, 5.1, 5.2)                          ESM60RaceConditionFix\agent\aix-rs6k\esmd
Red Hat Enterprise Linux ES 3.0 (x86)                 ESM60RaceConditionFix\agent\lnx-x86\esmd
HP-UX (10.20, 11.0, 11i) (PA-RISC)                    ESM60RaceConditionFix\agent\hpux-hppa\esmd

ESM version 6.5.x - ESM agent

ESM agent platform                                    ESM agent update file
Windows XP Professional SP2 (x86)                     SM65RaceConditionFix\agent\wxp-ix86\esmagent.exe
Windows Server 2003 Standard Edition SP1 (x86)        ESM65RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows Server 2003 Enterprise Edition SP1 (x86)      ESM65RaceConditionFix\agent\w3s-ix86\esmagent.exe
Windows Server 2003 (Itanium)                         ESM65xRaceConditionFix\agent\w3s-ia64\esmagent.exe
Windows 2000 (Professional, Server, Advanced Server)  ESM65RaceConditionFix\agent\w2k-ix86\esmagent.exe
Solaris 2.9 (SPARC)                                   ESM65RaceConditionFix\agent\solaris-sparc\esmd
Solaris 2.10 (SPARC)                                  ESM65RaceConditionFix\agent\solaris-sparc\esmd
Solaris 2.10 (x86)                                    ESM65xRaceConditionFix\agent\solaris-x86\esmd
AIX 5L 5.3 (64-bit)                                   ESM65xRaceConditionFix\agent\aix-ppc64\esmd
AIX (5.1, 5.2)                                        ESM65xRaceConditionFix\agent\aix-rs6k\esmd
Red Hat Enterprise Linux ES 3.0 (x86)                 ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Linux AS 3.0 64-bit (Itanium)                 ESM65xRaceConditionFix\agent\lnx-ia64\esmd
Red Hat Enterprise Linux ES 4.0 Itanium               ESM65xRaceConditionFix\agent\lnx-ia64\esmd
Red Hat Linux AS 3.0 64-bit (Opteron and Xeon)        ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Linux WS 3.0 64-bit (Opteron and Xeon)        ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Enterprise Linux 4 ES (x86)                   ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Enterprise Linux 4 AS (Xeon and Opteron)      ESM65RaceConditionFix\agent\lnx-x86\esmd
Red Hat Enterprise Linux (ES 2.1)                     ESM65RaceConditionFix\agent\lnx-x86\esmd
SUSE Linux Enterprise Server 9 (x86)                  ESM65RaceConditionFix\agent\lnx-x86\esmd
SUSE Linux Enterprise Server 9 (Itanium)              ESM65xRaceConditionFix\agent\lnx-ia64\esmd
HP-UX (11.0, 11.11i) (PA-RISC)                        ESM65xRaceConditionFix\agent\hpux-hppa\esmd
HP-UX 11i v2 (Itanium)                                ESM65xRaceConditionFix\agent\hpux-ia64\esmd

ESM version 6.0 - ESM manager

ESM manager platform                                  ESM manager update file 6.0
Windows 2000 Professional SP1+                        ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Server SP1+                              ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Advanced Server SP1+                     ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Windows Server 2003                                   ESM60RaceConditionFix\manager\win-ix86\esmmanager.exe
Solaris 2.7 (SPARC)                                   ESM60RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.8 (SPARC)                                   ESM60RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.9 (SPARC)                                   ESM60RaceConditionFix\manager\solaris-sparc\esmd
HP-UX (10.20, 11.0, and 11.11) (PA-RISC)              ESM60RaceConditionFix\manager\hpux-hppa\esmd
AIX 4.3.1, 4.3.3                                      ESM60RaceConditionFix\manager\aix-rs6k\esmd
AIX 5L 5.1                                            ESM60RaceConditionFix\manager\aix-rs6k\esmd
AIX 5L 5.2                                            ESM60RaceConditionFix\manager\aix-rs6k\esmd

ESM version 6.5.x - ESM manager

ESM manager platform                                  ESM manager update file
Windows 2000 Professional SP4+                        ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Server SP4+                              ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Windows 2000 Advanced Server SP4+                     ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Windows Server 2003                                   ESM65xRaceConditionFix\manager\win-ix86\esmmanager.exe
Solaris 2.7 (SPARC)                                   ESM65RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.8 (SPARC)                                   ESM65RaceConditionFix\manager\solaris-sparc\esmd
Solaris 2.9 (SPARC)                                   ESM65RaceConditionFix\manager\solaris-sparc\esmd
HP-UX 11.0 (PA-RISC)                                  ESM65RaceConditionFix\manager\hpux-hppa\esmd
HP-UX 11i v1 (11.11) (PA-RISC)                        ESM65RaceConditionFix\manager\hpux-hppa\esmd
HP-UX 11.23 (PA-RISC)                                 ESM65RaceConditionFix\manager\hpux-hppa\esmd
AIX 5L 5.1                                            ESM65RaceConditionFix\manager\aix-rs6k\esmd
AIX 5L 5.2                                            ESM65RaceConditionFix\manager\aix-rs6k\esmd

Last modified on: Wednesday, 23-Aug-06 15:45:00

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================