Symantec ManHunt's Protocol Anomaly Detects Sendmail Vulnerability; Customers Are Protected Against This Specific Exploit.Business Editors/High-Tech Writers CUPERTINO, Calif.--(BUSINESS WIRE)--March 5, 2003 Symantec Corp. (Nasdaq:SYMC SYMC Symantec Corporation (stock symbol) ), the world leader in Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. , today announced that Symantec ManHunt's protocol anomaly A deviation from the standard protocol. An intrusion detection system (IDS) may look for protocol anomalies in order to identify attacks without a signature. Protocol anomalies reduce false positives with well-understood protocols, but may cause false positives with poorly understood or detection technology detected the Sendmail Header Processing vulnerability, a remotely exploitable vulnerability in Sendmail, one of the most common e-mail servers. Symantec ManHunt man·hunt n. An organized, extensive search for a person, usually a fugitive criminal. manhunt Noun an organized search, usually by police, for a wanted man or fugitive Noun 1. customers have been protected against this specific exploit since its discovery without having to update the product. "Symantec ManHunt's detection ability is one of its key strengths. In addition to classic signature capabilities, ManHunt also provides protocol anomaly detection, which looks for deviations from normal protocol behavior and detects novel attacks," said Frank Huerta, vice president, IDS product delivery at Symantec. "In this case, Symantec ManHunt's protocol anomaly detection detected the Sendmail exploit as a violation of the mail protocol. Our customers were alerted to the attack without having to update the product to protect against this specific vulnerability." The remotely exploitable vulnerability was discovered in multiple versions of Sendmail. Remote attackers may gain root access (complete control) on affected SMTP (Simple Mail Transfer Protocol) The standard e-mail protocol on the Internet and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. servers. As SMTP servers are responsible for delivering and receiving e-mail, sensitive information may also be disclosed or tampered with by attackers. Sendmail is a widely used message transfer agent The store and forward capability in a messaging system. See messaging system. (messaging) Message Transfer Agent - (MTA, Mail Transfer Agent) Any program responsible for delivering e-mail messages. (MTA (1) (Message Transfer Agent or Mail Transfer Agent) The store and forward part of a messaging system. See messaging system. (2) See M Technology Association. 1. (messaging) MTA - Message Transfer Agent. ) for UNIX UNIX Operating system for digital computers, developed by Ken Thompson of Bell Laboratories in 1969. It was initially designed for a single user (the name was a pun on the earlier operating system Multics). and Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. systems. Symantec ManHunt is an advanced network-based intrusion detection system This article is about the computing term. For other uses, see Burglar alarm. An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. that provides multiple detection methodologies to detect both known and unknown, or "zero day" attacks. ManHunt's core detection capability uses protocol anomaly detection, signature detection with custom signature support, traffic state profiling and statistical flow analysis to identify intrusions and denial of service attacks. ManHunt detects intrusions at speeds of up to 2 gigabits per second, dependent upon system configuration. Symantec ManHunt is a key element of Symantec Enterprise Security, which provides any size organization with the technology, global response and services necessary to manage its information security. Symantec's comprehensive solution offers best-of-breed products to protect gateways, servers and clients with firewall security, virtual private networking (VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. ), intrusion detection, vulnerability management and virus protection. Customers benefit from Symantec's global network of researchers that provide customers with around-the-clock, immediate response to any new security-related attacks. Symantec Enterprise Security customers are also supported by one of the largest professional security organizations in the world, offering security consulting, security education and managed security services. For more information, please visit Symantec's enterprise Web site at http://enterprisesecurity.symantec.com. About Symantec Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 38 countries. For more information, please visit www.symantec.com. NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States. Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion