Denial of Service Risk in Symantec Enterprise Security Manager by Remote Attackers
CVE-2007-2896

Currently unrated

Key Information:

Vendor: Symantec
Status: Enterprise Security Manager
Vendor: CVE Published:; 30 May 2007

Summary

The vulnerability allows remote attackers to exploit a race condition in Symantec Enterprise Security Manager (ESM) 6.5.3. By performing specific network scans targeting the ESM ports, attackers can cause excessive CPU consumption and application hang, leading to a denial of service. This issue affects all Windows versions of the product before the release date of May 24, 2007. Organizations utilizing Symantec ESM are advised to review their deployment and apply relevant security measures.

References

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1018120

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2007/1940

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
May 30, 2007
Vulnerability Reserved
May 29, 2007