ADVISORY/sendmail Vulnerability; BindView's Razor Team Creates Customer Fix for New sendmail Vulnerability.Business Editors/High-Tech Writers ADVISORY...for Monday (March 31) --(BUSINESS WIRE) WHAT To protect its customers from a new serious global sendmail threat, BindView's elite Razor team yesterday delivered new system diagnosis capabilities using bv-Control for UNIX UNIX Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). , bv-Control for Windows and bv-Control for Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. for the newly detected Sendmail Buffer Overflow A common cause of malfunctioning software. If the amount of data written into a buffer exceeds the size of the buffer, the additional data will be written into adjacent areas, which could be buffers, constants, flags or variables. Vulnerability discovered on Saturday. Customers utilizing BindView's RapidFire Updates service should already have the updates through automatic distribution. Other customers not utilizing RapidFire Updates may download the new updates over the web at www.bindview.com. These updates enable BindView customers to automatically locate systems vulnerable to this new threat enterprise-wide. Estimates are that sendmail handles up to 75 percent of all Internet mail See Internet e-mail service. . sendmail software provides network e-mail delivery most commonly on UNIX platforms and is also used on Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. . All sendmail administrators should obtain a new version of sendmail from their vendors to guard against root compromises and crippling denial of service attacks An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. . WHO IS AT RISK Those customers most at risk are those using sendmail as their primary Internet mail transfer agent. Intranet hosts that do not exchange email directly with external mail servers are also at risk. For customers who have installed the patch issued on March 29, 2003, no action is necessary. FOR MORE INFORMATION More information about this vulnerability can be found at: www.cert.org/advisories/CA-2003-12.html or http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0160.html COMMENTARY ON SENDMAIL BindView Razor team experts are available to discuss this new vulnerability and share further insight into organizations most at risk, potential outcomes of an attack and additional ways to secure enterprise IT infrastructures. Experts can also discuss the growing number of system vulnerabilities that have been identified over the past several months. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion