20 September 2007
Symantec Enterprise Security Manager™ JRE Vulnerability Fix

Overview
The following Symantec Enterprise Security Manager (ESM) components are susceptible to the Java Runtime Environment (JRE) vulnerability:

  • Symantec ESM 6.5.x manager/agent/console/utilities
  • Symantec Enterprise Reporting Database Link (RDL) 6.1.1/6.5.3
  • Symantec Enterprise Reporting (Cognos) 6.1.1/6.5.3

For more information on this vulnerability, refer to Sun's Web site at: http://www.sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102934-1.

Symantec response
Symantec has released downloadable JRE fixes for the ESM 6.5.x components and RDL (see the list below). The fix and complete instructions to update the JRE for the ESM 6.5.x components and RDL are specified in the Symantec ESM JRE Vulnerability Fix Update Guide.

ESM JRE Vulnerability Fix

ESM JRE Vulnerability Fix Update Guide

Additionally, Symantec has updated both downloadable and physical media of ESM 6.5.3 SP1 (except the ESM utilities) with this fix. Any components deployed with ESM 6.5.3 SP1 media are not affected by this vulnerability, and do not require an update. Customers can utilize the updated ESM 6.5.3 SP1 media to re-deploy their ESM components and fix this issue. Please contact Symantec Technical Support for more information.

To date, Symantec is not aware of any reported attempts to exploit this vulnerability.

Vulnerable Products
The JRE updates for the following supported ESM platforms are available for immediate download (see above):

ESM agent platform:
  • Windows XP Professional SP2 (x86)
  • Windows Server 2003 Standard Edition SP1 (x86)
  • Windows Server 2003 Enterprise Edition SP1 (x86)
  • Windows 2000 (Professional, Server, Advanced Server)
ESM version: 6.5.0/6.5.2/6.5.3 (English Version only)

ESM manager platform:
  • Windows 2000 Professional SP1+
  • Windows 2000 Server SP1+
  • Windows 2000 Advanced Server SP1+
  • Windows Server 2003
ESM version: 6.5.0/6.5.2/6.5.3 (English Version only)

ESM console platform:
  • Windows 2000 Professional, Server, or Advanced Server
  • Windows Server 2003 (x86)
  • Windows XP Professional
ESM version: 6.5.0/6.5.2/6.5.3 (English Version only)

ESM utilities platform:
  • Windows 2000 Server, or Advanced Server
  • Windows Server 2003 (x86)
ESM version: 6.5.0/6.5.2/6.5.3 (English Version only)

RDL platform:
  • Windows 2000 Server
  • Windows Server 2003
  • Solaris 8/9
ESM version: 6.5.0/6.5.2/6.5.3 (English Version only)

Cognos platform:
  • Windows 2000 Server
  • Windows Server 2003
  • Solaris 8/9
ESM version: 6.5.0/6.5.2/6.5.3 (English Version only)


Last modified on: Friday, 05-Oct-07 10:08:13