Category:   Application (Security)  >   Symantec Enterprise Security Manager
Vendors:   Symantec
Symantec Enterprise Security Manager Upgrade Interface Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017881
SecurityTracker URL:
CVE Reference:   CVE-2007-2375
Updated:  May 16 2008
Original Entry Date:  Apr 6 2007
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.5, 6.0, 6.5.x
Description:   A vulnerability was reported in Symantec Enterprise Security Manager (ESM). A remote user can execute arbitrary code on the target system.

The ESM remote upgrade interface does not require authentication. A remote user can connect to the target ESM agent or manager to upload arbitrary code to the target system. The ESM agent will then execute the code with administrative privileges.

The NetWare, OS/400, and OpenVMS agents are not affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix, available at:

The Symantec advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Red Hat Enterprise), Linux (Red Hat Linux), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.
