Axent ESM 5.0 User Profile Permission Vulnerability

Axent ESM 5.0 User Profile Permission Vulnerability

Solution:
Use ESM version 4.5. The Hot-Fix for this problem will be available from Axent Support in August and should be remotely installable. Axent ESM 5.0.1 (as of this post date is to be released) will include the hot-fix.

The following message has been provided to Security Focus from AXENT:

AXENT appreciates the opportunity to respond to the issues raised with this posting. The first statement indicates that users cannot log into scanned hosts. This is not true--users can log in, but they will not be able to access their startup scripts. This bug constitutes more of an inconvenience to the user, than a security threat.

The bug was discovered a short time ago and there is a current procedure for correcting the ownership of files that may have been affected. Currently there is a newer version of the affected usrfiles module that does not change the ownership of the startup scripts. This procedure and/or the updated module can be obtained by contacting AXENT support. This version of the usrfiles module is also included in the August HotFix for ESM that customers can remotely install on all systems. The hot fix is only needed for ESM 5.0 UNIX agents. Earlier versions of ESM agents do not have this problem. The fix will also be included in the upcoming ESM 5.0.1 release.

As was indicated in the original posting, this check was not turned on by default and most ESM 5.0 customers have probably not used it. If you desire the procedure to correct the affected files or the updated module, please contact AXENT support at support@axent.com