Symantec Enterprise Security Manager远程升级远程代码执行漏洞

Symantec Enterprise Security Manager (ESM)可以在整个企业范围内为关键性应用程序和服务器自动搜索发现其漏洞隐患和不符合安全策略的设定。 Symantec Enterprise Security Manager存在设计问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于ESM代理端的远程升级接口中，ESM代理端接收从熟悉升级协议的任意实体上的升级请求，并没有对源头进行任何可信认证。熟悉代理端协议的攻击者可以以应用程序进程权限执行任意指令。ESM代理端一般以管理员权限执行。 Symantec Enterprise Security Manager 6.5.2 Symantec Enterprise Security Manager 6.5.1 Symantec Enterprise Security Manager 5.5.3 Symantec Enterprise Security Manager 6.5 Symantec Enterprise Security Manager 6.0 升级程序： Symantec Enterprise Security Manager 6.0 * Symantec ESM60SignatureFix.zip <a href="http://www.symantec.com/avcenter/security/ESM/esmPU/ESM60SignatureFix." target="_blank">http://www.symantec.com/avcenter/security/ESM/esmPU/ESM60SignatureFix.</a> zip Symantec Enterprise Security Manager 5.5.3 * Symantec ESM55SignatureFix.zip <a href="http://www.symantec.com/avcenter/security/ESM/esmPU/ESM55SignatureFix." target="_blank">http://www.symantec.com/avcenter/security/ESM/esmPU/ESM55SignatureFix.</a> zip Symantec Enterprise Security Manager 6.5.1 * Symantec ESM65xSignatureFix.zip <a href="http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xSignatureFix" target="_blank">http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xSignatureFix</a> .zip Symantec Enterprise Security Manager 6.5.2 * Symantec ESM65xSignatureFix.zip <a href="http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xSignatureFix" target="_blank">http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xSignatureFix</a> .zip