Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability

Bugtraq ID:	24123
Class:	Race Condition Error
CVE:	CVE-2007-2896
Remote:	Yes
Local:	No
Published:	May 24 2007 12:00AM
Updated:	May 07 2015 05:37PM
Credit:	The vendor reported this issue.
Vulnerable:	Symantec Enterprise Security Manager 6.5.3
Not Vulnerable:

Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability

Symantec Enterprise Security Manager is prone to a denial-of-service vulnerability caused by a race condition.

Attackers may exploit this issue to cause the application to become unresponsive, effectively denying service to legitimate users.

ESM Agent and Manager Platforms 6.5.3 for Microsoft Windows are affected.

Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability

Solution:
Symantec has released fixes to address this issue. Please see the referenced advisory for more information.


Symantec Enterprise Security Manager 6.5.3

• Symantec Mini Update Package.zip
  http://www.symantec.com/avcenter/security/ESM/esmPU/Mini Update Package.zip

Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability

References:

• Symantec Enterprise Security Manager Product Page (Symantec)
  
• Symantec Enterprise Security Manager�?� 6.5.3 Race Condition (Mini Update) Fix (Symantec)
  
• SYM07-008 Symantec Enterprise Security Manager Denial-of-Service (Symantec)