5 April 2007
Symantec Enterprise Security Manager™ Signature Fix

Overview
Symantec Corporation has identified a remote execution vulnerability that is part of the Symantec Enterprise Security Manager (ESM) line of products. In addition, vulnerabilities (CVE-2006-0455) found in the version of GPGV used by ESM have required Symantec Corporation to update the version of that utility.

Details
As part of an assessment performed by Symantec, ESM was discovered to be susceptible to a remote code execution vulnerability existing in ESM agents that allow remote upgrades. The vulnerabilities patched in this signature release affect the ESM agents' ability to execute code securely.

The Signature Fix eliminates this risk in the following ways:

  1. ESM agents verify, using OpenSSL S/MIME (Secure/Multipurpose Internet Mail Extensions), that the upgrade code is from Symantec, or the remote upgrade functionality is disabled.
  2. By verifying the *.asc files with the updated GPGV 1.4.5, the ESM agents ensure that modules pulled from managers are from Symantec or another trusted third party.

To date, Symantec is not aware of any reported attempts to exploit these vulnerabilities.
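
One way to implement the kind of check described in item 1, with the upgrade refused whenever verification does not succeed. This is an added example, not Symantec's code: the throwaway certificates, the file names and the functions `make_signer`, `sign_package`, `verify_upgrade` and `run_demo` are all assumptions made for the demo.

```shell
#!/bin/sh
# Added example: fail-closed S/MIME check before an upgrade is accepted.
# Keys, certificate subjects and file names are constructed for this demo.

# make_signer DIR NAME: throwaway self-signed signing certificate and key.
make_signer() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# sign_package DIR NAME FILE: write FILE.p7s, a detached PKCS#7 signature (PEM).
sign_package() {
    openssl smime -sign -binary -in "$3" -signer "$1/$2.pem" \
        -inkey "$1/$2.key" -outform PEM -out "$3.p7s" >/dev/null 2>&1
}

# verify_upgrade TRUSTED_PEM FILE: "install" only when FILE.p7s is present and
# verifies against TRUSTED_PEM (default CA directory excluded); every other
# outcome disables the upgrade.
verify_upgrade() {
    if [ -s "$2.p7s" ] && openssl smime -verify -binary -inform PEM \
            -in "$2.p7s" -content "$2" -CAfile "$1" -no-CApath \
            -out /dev/null >/dev/null 2>&1; then
        echo install
    else
        echo upgrade-disabled
    fi
}

# run_demo: genuine, tampered, wrong-signer and unsigned packages, in that order.
run_demo() {
    d=$(mktemp -d) || return 1
    make_signer "$d" vendor && make_signer "$d" other || return 1
    printf 'agent upgrade payload\n' > "$d/pkg.bin"
    sign_package "$d" vendor "$d/pkg.bin"
    r1=$(verify_upgrade "$d/vendor.pem" "$d/pkg.bin")
    printf 'extra bytes\n' >> "$d/pkg.bin"          # modify after signing
    r2=$(verify_upgrade "$d/vendor.pem" "$d/pkg.bin")
    sign_package "$d" other "$d/pkg.bin"            # re-sign with untrusted key
    r3=$(verify_upgrade "$d/vendor.pem" "$d/pkg.bin")
    rm -f "$d/pkg.bin.p7s"                          # no signature at all
    r4=$(verify_upgrade "$d/vendor.pem" "$d/pkg.bin")
    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4"
}

run_demo
```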

Symantec Response
Symantec has released downloadable automated and manual remote upgrades for many supported ESM managers and agents. All other supported ESM platforms have fixes available upon request. Please contact your sales representative to issue a request. The fixes will also be available as part of the next release of ESM, due in the near future.

Click on the following link to download the fix:

ESM 6.5.x Signature Fix (6.5.0, 6.5.1, 6.5.2)

ESM 6.0 Signature Fix

ESM 5.5 Signature Fix

The instructions for automatically or manually updating ESM agents are available in the following document:

Symantec Enterprise Security Manager Signature Fix Update Guide

Updated Products
The following supported ESM agent and manager platforms have updates available for immediate download.

| ESM version | ESM agent platform | ESM agent update file |
|---|---|---|
| 6.5.0, 6.5.2 | Windows 2000 (Professional, Server, Advanced Server) | ESM65xSignatureFix\agent\w2k-ix86 |
| 6.5.0, 6.5.2 | Windows Server 2003 Standard Edition SP1 (x86) | ESM65xSignatureFix\agent\w3s-ix86 |
| 6.5.0, 6.5.2 | Windows Server 2003 Enterprise Edition SP1 (x86) | ESM65xSignatureFix\agent\w3s-ix86 |
| 6.5.0, 6.5.2 | Windows Server 2003 (Itanium) | ESM65xSignatureFix\agent\w3s-ia64 |
| 6.5.0, 6.5.2 | Windows Server 2003 (x64) (ESM SU 25+) | ESM65xSignatureFix\agent\w3s-ix64 |
| 6.5.0, 6.5.2 | Windows XP Professional SP2 (x86) | ESM65xSignatureFix\agent\wxp-ix86 |
| 6.5.0, 6.5.2 | Solaris 2.7, 2.8, 2.9, 2.10 (SPARC) | ESM65xSignatureFix\agent\solaris-sparc |
| 6.5.0, 6.5.2 | Solaris 2.10 (x86) (ESM SU 26+) | ESM65xSignatureFix\agent\solaris-x86 |
| 6.5.0, 6.5.2 | AIX (5.1, 5.2, 5.3) (ESM SU 26+) | ESM65xSignatureFix\agent\aix-rs6k |
| 6.5.0, 6.5.2 | AIX 5L 5.3 (64-bit) | ESM65xSignatureFix\agent\aix-ppc64 |
| 6.5.0, 6.5.2 | Red Hat Enterprise Linux (ES 2.1) (x86) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | Red Hat Enterprise Linux ES 3.0 (x86) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | Red Hat Linux AS 3.0 64-bit (Itanium) | ESM65xSignatureFix\agent\lnx-ia64 |
| 6.5.0, 6.5.2 | Red Hat Linux AS 3.0 64-bit (Opteron and Xeon) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | Red Hat Enterprise Linux ES 4.0 (Itanium) (ESM SU 25+) | ESM65xSignatureFix\agent\lnx-ia64 |
| 6.5.0, 6.5.2 | Red Hat Enterprise Linux ES 4.0 (Opteron) (ESM SU 25+) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | Red Hat Enterprise Linux 4 ES (x86) (ESM SU 24+) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | Red Hat Enterprise Linux 4 AS (Xeon and Opteron) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | SUSE Linux Enterprise Server 9 (x86) | ESM65xSignatureFix\agent\lnx-x86 |
| 6.5.0, 6.5.2 | SUSE Linux Enterprise Server 9 (Itanium) | ESM65xSignatureFix\agent\lnx-ia64 |
| 6.5.0, 6.5.2 | HP-UX (11.0, 11i) (PA-RISC) | ESM65xSignatureFix\agent\hpux-hppa |
| 6.5.0, 6.5.2 | HP-UX 11i v2 (Itanium) | ESM65xSignatureFix\agent\hpux-ia64 |
| 6.0 | Windows 2000 (Professional, Server, Advanced Server) | ESM60SignatureFix\agent\w2k-ix86 |
| 6.0 | Windows Server 2003 Standard Edition SP1 (x86) | ESM60SignatureFix\agent\w3s-ix86 |
| 6.0 | Windows Server 2003 Enterprise Edition SP1 (x86) | ESM60SignatureFix\agent\w3s-ix86 |
| 6.0 | Windows Server 2003 (Itanium) (ESM SU 21+) | ESM60SignatureFix\agent\w3s-ia64 |
| 6.0 | Windows XP Professional SP2 (x86) | ESM60SignatureFix\agent\wxp-ix86 |
| 6.0 | Solaris 2.6, 2.7, 2.8, 2.9 (SPARC) | ESM60SignatureFix\agent\solaris-sparc |
| 6.0 | AIX (4.3.1, 4.3.3, 5.1, 5.2) | ESM60SignatureFix\agent\aix-rs6k |
| 6.0 | AIX 5L 5.3 (64-bit) (ESM SU 22+) | ESM60SignatureFix\agent\aix-ppc64 |
| 6.0 | Red Hat Enterprise Linux ES 2.1 (x86) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | Red Hat Enterprise Linux ES 3.0 (x86) (ESM SU 22+) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | Red Hat Linux AS 3.0 64-bit (Itanium) (ESM SU 22+) | ESM60SignatureFix\agent\lnx-ia64 |
| 6.0 | Red Hat Linux AS 3.0 64-bit (Opteron and Xeon) (ESM SU 22+) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | Red Hat Linux WS 3.0 64-bit (Xeon) (ESM SU 23+) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | SUSE Linux Standard Server 8 (x86) (ESM SU 18+) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | SUSE Linux Enterprise Server 8 (x86) (ESM SU 21+) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | SUSE Linux Enterprise Server 9 (x86) (ESM SU 22+) | ESM60SignatureFix\agent\lnx-x86 |
| 6.0 | SUSE Linux Enterprise Server 9 (Itanium) (ESM SU 23+) | ESM60SignatureFix\agent\lnx-ia64 |
| 6.0 | HP-UX (10.20, 11.0, 11i) (PA-RISC) | ESM60SignatureFix\agent\hpux-hppa |
| 6.0 | HP-UX 11i v2 (Itanium) (ESM SU 21+) | ESM60SignatureFix\agent\hpux-ia64 |
| 6.0 | Tru64/OSF1-axp 4.0, 5.1 | ESM60SignatureFix\agent\osf1-axp |
| 5.5 | Windows 2000 (Professional, Server) | ESM55SignatureFix\agent\w2k-ix86 |
| 5.5 | Solaris 2.6, 2.7, 2.8 (SPARC) | ESM55SignatureFix\agent\solaris-sparc |
| 5.5 | AIX (4.3, 4.3.1, 4.3.2, 4.3.3) | ESM55SignatureFix\agent\aix-rs6k |
| 5.5 | Red Hat Enterprise Linux ES 2.1, 3.0 (x86) | ESM55SignatureFix\agent\lnx-x86 |
| 5.5 | HP-UX (10.20 and 11.0) (PA-RISC) | ESM55SignatureFix\agent\hpux-hppa |


| ESM version | ESM manager platform | ESM manager update file |
|---|---|---|
| 6.5.0, 6.5.2 | Windows 2000 Professional SP4+ | ESM65xSignatureFix\manager\win-ix86 |
| 6.5.0, 6.5.2 | Windows 2000 Server SP4+ | ESM65xSignatureFix\manager\win-ix86 |
| 6.5.0, 6.5.2 | Windows 2000 Advanced Server SP4+ | ESM65xSignatureFix\manager\win-ix86 |
| 6.5.0, 6.5.2 | Windows Server 2003 | ESM65xSignatureFix\manager\win-ix86 |
| 6.5.0, 6.5.2 | Solaris 2.7 (SPARC) | ESM65xSignatureFix\manager\solaris-sparc |
| 6.5.0, 6.5.2 | Solaris 2.8 (SPARC) | ESM65xSignatureFix\manager\solaris-sparc |
| 6.5.0, 6.5.2 | Solaris 2.9 (SPARC) | ESM65xSignatureFix\manager\solaris-sparc |
| 6.5.0, 6.5.2 | HP-UX 11.0 (PA-RISC) | ESM65xSignatureFix\manager\hpux-hppa |
| 6.5.0, 6.5.2 | HP-UX 11i v1 (11.11) (PA-RISC) | ESM65xSignatureFix\manager\hpux-hppa |
| 6.5.0, 6.5.2 | HP-UX 11.23 (PA-RISC) | ESM65xSignatureFix\manager\hpux-hppa |
| 6.5.0, 6.5.2 | AIX 5L 5.1 | ESM65xSignatureFix\manager\aix-rs6k |
| 6.5.0, 6.5.2 | AIX 5L 5.2 | ESM65xSignatureFix\manager\aix-rs6k |
| 6.0 | Windows 2000 Professional SP1+ | ESM60SignatureFix\manager\win-ix86 |
| 6.0 | Windows 2000 Server SP1+ | ESM60SignatureFix\manager\win-ix86 |
| 6.0 | Windows 2000 Advanced Server SP1+ | ESM60SignatureFix\manager\win-ix86 |
| 6.0 | Windows Server 2003 | ESM60SignatureFix\manager\win-ix86 |
| 6.0 | Solaris 2.7 (SPARC) | ESM60SignatureFix\manager\solaris-sparc |
| 6.0 | Solaris 2.8 (SPARC) | ESM60SignatureFix\manager\solaris-sparc |
| 6.0 | Solaris 2.9 (SPARC) | ESM60SignatureFix\manager\solaris-sparc |
| 6.0 | HP-UX (10.20, 11.0, and 11.11) (PA-RISC) | ESM60SignatureFix\manager\hpux-hppa |
| 6.0 | AIX 4.3.1, 4.3.3 | ESM60SignatureFix\manager\aix-rs6k |
| 6.0 | AIX 5L 5.1 | ESM60SignatureFix\manager\aix-rs6k |
| 6.0 | AIX 5L 5.2 | ESM60SignatureFix\manager\aix-rs6k |


Last modified on: Friday, 23-Oct-09 05:49:47