公開日:2012/06/06 最終更新日:2012/06/06
JVNVU#149070
Symantec Endpoint Protection Manager にサービス運用妨害 (DoS) の脆弱性
Symantec Endpoint Protection Manager には、サービス運用妨害 (DoS) の脆弱性が存在します。
Symantec Endpoint Protection Manager には、サービス運用妨害 (DoS) の脆弱性が存在します。
Symantec のセキュリティアドバイザリ SYM12-007 では、次のように述べられています。
Overview
Versions of Symantec Endpoint Protection Manager 11.0 running the Network Threat Protection module on Windows Server 2003 are susceptible to a Denial of Service(DoS). Successful exploitation could potentially result in the system hosting Symantec Endpoint Protection Manager becoming unresponsive to IIS-based web server requests until restarted.
Details
Symantec was notified of a Denial of Service(DoS) within the Symantec Endpoint Protection Manager 11 RU6 and related maintenance packs.
A successful exploitation is possible when using audit tools to aggressively scan the targeted Symantec Endpoint Protection Manager host. After a period of heavy scanning the Network Threat Protection module responds to the perceived threat by blocking all subsequent traffic to the server. This can lead the server to stop serving pages and in some instances can cause excessive resource use which can lead to a hang or crash of the server.
This issue does not impact the security of the Symantec Endpoint Manager, only the availability of the web server components.
Versions of Symantec Endpoint Protection Manager 11.0 running the Network Threat Protection module on Windows Server 2003 are susceptible to a Denial of Service(DoS). Successful exploitation could potentially result in the system hosting Symantec Endpoint Protection Manager becoming unresponsive to IIS-based web server requests until restarted.
Details
Symantec was notified of a Denial of Service(DoS) within the Symantec Endpoint Protection Manager 11 RU6 and related maintenance packs.
A successful exploitation is possible when using audit tools to aggressively scan the targeted Symantec Endpoint Protection Manager host. After a period of heavy scanning the Network Threat Protection module responds to the perceived threat by blocking all subsequent traffic to the server. This can lead the server to stop serving pages and in some instances can cause excessive resource use which can lead to a hang or crash of the server.
This issue does not impact the security of the Symantec Endpoint Manager, only the availability of the web server components.
Microsoft Windows Server 2003 のインターネット インフォメーション サービス (IIS) を使用したウェブサーバがサービス運用妨害 (DoS) 攻撃を受ける可能性があります。
アップデートする
Symantec が提供する情報をもとに、最新版にアップデートしてください。
ワークアラウンドを実施する
本脆弱性による事象が発生した場合は、以下の方法で復旧することが可能です。
- Microsoft Windows Server 2003 もしくは IIS を再起動する
-
US-CERT Vulnerability Note VU#149070
Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
