PMDF Kills Bug Discovered in Popular E-mail Clients; Innosoft's Enterprise Messaging Backbone Protects Users From Potential Malicious Attacks and System Crashes.

WEST COVINA, Calif.--(BUSINESS WIRE)--Aug. 3, 1998--Innosoft International Inc. today announced that it is helping its customers deal with the recently discovered security flaw found in popular e-mail and Web browser client programs from product vendors Microsoft and Netscape. As disclosed in last week's news reports, this bug makes users of these programs vulnerable to malicious attacks, or may cause their systems to crash unexpectedly, when receiving MIME message attachments with long filenames. The PMDF backbone protects against such potential disasters by sanitizing any message it handles, preventing the bug from being exploited by ensuring that a virus is never delivered to the user's client system.

The Problem is Buffer Overflow Error

According to Innosoft's chief development officer and co-author of the Internet's MIME standard, Ned Freed
Freed added, "Someone might exploit this design error by executing a virus embedded in a filename, which, for instance, could result in the exposure of sensitive data such as credit card information during a transaction over the Internet using a Web browser. In addition, since virus checkers only look at message content and are oblivious to filenames, such products are rendered useless in this case."

Besides possible security breaches, Innosoft's in-house testing has shown that system crashes are a reality. Microsoft's Outlook Express, for example, allows for filenames of 250 characters or more. Whenever a message was received that had an attachment with a filename of 260 characters, the system crashed consistently.

The Solution is in the Enterprise Backbone

The PMDF e-Mail Interconnect product suite includes an SMTP/MIME-based messaging backbone that is designed to support and integrate multiple departmental mail servers that may be distributed across the enterprise. Besides offering a central point of management over these mail servers, the benefit of using a backbone in the design of a messaging infrastructure is that it can filter out these kinds of bugs before they can be allowed to execute a virus. Not only is PMDF itself not vulnerable to such buffer overflow attacks, but it also actively protects vulnerable users from the type of security flaws found in the Microsoft and Netscape products. Since PMDF uses counted strings rather than null terminated strings, and truncates rather than overflowing buffers, it eliminates all sorts of potential security problems.
Further, PMDF avoids using character pointers, preferring instead to use an array of constructs where run-time bounds checking is possible. This provides two layers of checking in PMDF -- one explicitly coded in the string primitives used, the other provided by the language environment itself.

Freed said, "PMDF has always included extensive MIME handling capabilities that would allow a site to manipulate attachments in such a way as to make them 'safe' for problem clients. What we've done to PMDF that specifically addresses the new bug found in these pervasive mail products is to automatically truncate the field used for filename attachments." Freed added, "Avoiding this newly discovered security problem is just the latest example of Innosoft's quick response and PMDF's ability to provide additional protection for its customer's enterprise e-mail systems."

Sensitive government sites that are prone to attacks, large ISPs, and Fortune 1000 corporations rely on PMDF protection against denial of service attacks and unsolicited bulk e-mail storms.
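
The filename truncation Freed describes can be sketched at a mail gateway as follows. This is an added example, not PMDF code or anything from the release; it uses Python's standard `email` package, and the 64-character limit, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email.utils import collapse_rfc2231_value

MAX_FILENAME = 64  # assumed gateway policy; the release states no PMDF limit
# The two MIME parameters that can carry an attachment's name.
NAME_PARAMS = (("Content-Disposition", "filename"), ("Content-Type", "name"))


def truncate_name(name, limit=MAX_FILENAME):
    """Cut name to at most `limit` characters, keeping a short extension."""
    if len(name) <= limit:
        return name
    stem, dot, ext = name.rpartition(".")
    if dot and stem and len(ext) <= 8:
        return stem[: limit - len(ext) - 1] + "." + ext
    return name[:limit]


def sanitize(raw, limit=MAX_FILENAME):
    """Parse a message, truncate over-long attachment names, return (msg, hits)."""
    msg = email.message_from_string(raw)
    hits = []
    for part in msg.walk():
        for header, param in NAME_PARAMS:
            value = part.get_param(param, header=header)
            if value is None:
                continue
            name = collapse_rfc2231_value(value)  # plain or RFC 2231 encoded
            if len(name) > limit:
                part.set_param(param, truncate_name(name, limit), header=header)
                hits.append((header, param, len(name)))  # record for logging
    return msg, hits


# Constructed sample: one attachment whose name is 260 characters plus ".txt".
LONG = "A" * 260 + ".txt"
SAMPLE = (
    "From: a@example.com\nTo: b@example.com\nSubject: test\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\nhello\n"
    f'--XX\nContent-Type: application/octet-stream; name="{LONG}"\n'
    f'Content-Disposition: attachment; filename="{LONG}"\n\ndata\n--XX--\n'
)

if __name__ == "__main__":
    clean, hits = sanitize(SAMPLE)
    print(hits)
    print(clean.get_payload()[1].get_filename())
```
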
These large sites can especially appreciate the benefit of the added level of security that PMDF provides while they wait to install the vendor's recommended patches at each and every client machine. This could be an extremely costly and time-consuming task at a site with, say, 30,000 users or more.

About Innosoft International

A pioneer in enterprise e-mail solutions since 1987, Innosoft International continues its leadership in the development of Internet standards in both the messaging and directory worlds. Innosoft markets its PMDF e-Mail Interconnect and Innosoft Directory Services product sets directly to end users, as well as through a network of international distributors and solutions partners. Innosoft maintains strategic relationships with Sun Microsystems (Sun licenses the PMDF backbone for their enterprise mail product offering), and with Digital Equipment Corp., who resells PMDF products worldwide. Innosoft's messaging and directory products are presently installed at more than 2,400 sites in 51 countries throughout the world. The company is located at 1050 Lakes Drive, West Covina, CA 91790; telephone 626/919-3600; FAX 626/919-3614.

PMDF is a registered trademark of Innosoft International Inc. All other trademarks are property of their respective owners.

CONTACT: Innosoft International Inc.
Dean Hidalgo, 626/919-3600
dean.hidalgo@innosoft.com
http://www.innosoft.com
OR
The Townsend Agency
Carol Foster, 619/457-4888
cfostertta@aol.com