3Com's Zero Day Initiative Alleviates First Threat Discovered Through Program; Zero Day Initiative Leads to Discovery and Patch of Vulnerability through Collaboration with Vendor; 3Com Protects Customers Before Flaw Disclosed Publicly.MALBOROUGH, Mass. -- 3Com and its TippingPoint division today announced the first vulnerability disclosed through the Zero Day Initiative (ZDI ZDI Zero Day Initiative (3Com/Tippingpoint) ) and worked closely with the affected vendor to issue a corresponding patch, eliminating the threat of a zero day attack. The vulnerability was discovered in Veritas NetBackup versions 4.5 through 6.0 from Symantec. Upon obtaining the vulnerability information, 3Com immediately reported the threat to Symantec on September 12, which in turn applied the necessary resources to address the vulnerability and issued the patch today. Shortly after, 3Com customers using the TippingPoint(TM) IPS (1) (Inches Per Second) The measurement of the speed of tape passing by a read/write head or paper passing through a pen plotter. (2) (IPS) (Intrusion Prevention S were issued protection against zero day attacks targeting the Symantec vulnerability, and have been preemptively protected for nearly one month. The Zero Day Initiative was launched by 3Com in July to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. Since the launch, over 150 researchers have registered for the program. Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities, vulnerabilities that are unknown and for which there is no patch. 3Com notifies the affected vendor so a patch can be developed, and the researcher agrees to keep the information confidential until the patch is issued so affected organizations are not at risk of attack. In addition to protecting all users from zero day threats by ensuring potentially harmful information is kept confidential until a patch is issued, TippingPoint customers are protected against exploits of zero day vulnerabilities through security filters delivered through the Digital Vaccine(R) service. "The response we have received from launching ZDI has far exceeded our expectations," said 3Com Chief Technology Officer Marc Willebeek-LeMair. "By harnessing the resources of the security community, we believe we have built the future model for security research and preemptive pre·emp·tive or pre-emp·tive adj. 1. Of, relating to, or characteristic of preemption. 2. Having or granted by the right of preemption. 3. a. protection. We will continue to leverage our success to help benefit the entire security community by eliminating zero day threats, giving affected vendors time to patch and giving our customers preemptive protection via our intrusion prevention See IPS and IDS. filters." Discovered by an independent researcher, this vulnerability allows remote attackers to execute arbitrary code In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently-running application or its memory space, thus making the application execute the code. on vulnerable NetBackup installations. This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the 'COMMAND_LOGON See login. 1. (jargon) logon - login. 2. (networking) logon - In ACF/VTAM, an unformatted session-initiation request for a session between two logical units. _TO_MSERVER' command. The vulnerable daemon listens on TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. port 13722 and affects both NetBackup clients and servers. For more information on the Veritas vulnerability, please visit http://www.zerodayinitiative.com/advisories/ZDI-05-001.html About TippingPoint, a division of 3Com TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated dec·o·rate tr.v. dec·o·rat·ed, dec·o·rat·ing, dec·o·rates 1. To furnish, provide, or adorn with something ornamental; embellish. 2. in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS. About 3Com Corporation 3Com Corporation (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : COMS COMS 3Com Corporation (stock symbol) COMS Certified Orientation and Mobility Specialist COMS Continuous Opacity Monitoring Systems COMS City of Manchester Stadium (UK) ) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at Verb 1. excel at - be good at; "She shines at math" shine at excel, surpass, stand out - distinguish oneself; "She excelled in math" delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection for corporate enterprises, government agencies, service providers and academic institutions. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox. Copyright (C) 2005 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion