Internet Security Systems Discovers and Protects Against Flaw in Sendmail Server Software.


ATLANTA -- Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in preemptive enterprise security, today announced that its X-Force(R) research and development team has discovered a serious vulnerability in Sendmail SMTP server software. Sendmail is the most popular mail transfer agent (MTA) on the Internet and is used extensively by large corporations and government agencies to route and deliver email. ISS customers have been preemptively protected from this vulnerability since February 14, 2006.

In order to exploit this vulnerability, an attacker simply needs to be able to connect to the Sendmail SMTP server over a network. Exploitation of this vulnerability could allow remote attackers to take complete control of affected machines and obtain full access to users' emails, confidential information and other sensitive data on the network.

"Due to its high popularity and extensive deployment throughout the Internet, this vulnerability represents a serious risk to organizations that rely upon Sendmail for email services," said Gunter Ollmann, Director of ISS X-Force. "Since SMTP is one of the few listening services allowed consistently through perimeter firewalls, we expect that many attackers will focus their efforts on developing techniques to exploit the vulnerability in order to gain entry into corporate and government networks."

Sendmail is primarily used in UNIX server environments, although various Windows versions also exist. It is the default MTA for many operating systems. By carefully timing the transmission of malicious data targeting this vulnerability, it is possible for a remote attacker to gain control of the affected system without requiring any user interaction.

By protecting against vulnerabilities rather than known exploits, ISS keeps organizations ahead of Internet threats. Through a multi-layered security approach, ISS' Proventia(R) security products and services provide organizations with comprehensive protection for IT assets from network to host. ISS' Virtual Patch(TM) technology automatically protects organizations from Internet attacks until they are able to obtain, test and apply patches from affected vendors.

ISS products and services are based on the work of its X-Force research and development team. X-Force has discovered more than 50 percent of all critical and high-risk software and infrastructure vulnerabilities uncovered by commercial security research groups from 1998 to 2005, including the vulnerabilities exploited by the Slammer and Zotob worms.

The ISS X-Force advisory on this vulnerability can be found at: http://xforce.iss.net/xforce/alerts/id/216

ISS customers are already protected from this flaw. ISS recommends that other companies obtain and apply the patch for this vulnerability from the Sendmail Web site (http://www.sendmail.org) or contact their operating system vendor for more information.

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing preemptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Publication: Business Wire
Article Type: Company overview
Geographic Code: 1USA
Date: Mar 22, 2006
Words: 585