Printer Friendly

Entercept Discovers Vulnerability Affecting Multiple UNIX Operating Systems; Intrusion Prevention Leader Works with CERT to Alert Major Vendors.

Business Editors/High-Tech Writers

SAN JOSE, Calif.--(BUSINESS WIRE)--Aug. 12, 2002

Entercept(TM) Security Technologies, the proven leader in intrusion prevention software, today announced that the Entercept Ricochet Team(TM) has discovered a remotely exploitable vulnerability in the CDE ToolTalk database server. This vulnerability affects multiple vendors including Caldera, Compaq, HP, IBM, SGI and Sun. If exploited, the vulnerability may allow remote attackers to execute arbitrary commands on a target system with root privileges. Upon discovery of the vulnerability, the Entercept Ricochet Team immediately notified all vendors involved. In addition, the Entercept Ricochet Team worked directly with CERT(R) (Computer Emergency Response Team) to ensure that the vendors had the technical details necessary to develop their patches and issue security advisories.

CDE is the standard graphical user interface on all commercial UNIX platforms. The vulnerability exists in the ToolTalk Database server (rpc.ttdbserverd daemon), a subcomponent of CDE, in the _TT_CREATE_FILE procedure. The vulnerability causes heap corruption and for some architectures, a stack overflow condition. Enterprises need to be aware that non-executable stack protection is not a solution against this vulnerability, because the payload resides on the heap segment (which is executable by default). By exploiting the vulnerability, an attacker can gain root privileges and take full control of the server. If an attacker gains full control of the server, he/she can potentially steal confidential information, alter system configurations, execute commands, and/or install backdoors. Additional technical details can be found in the Entercept Ricochet Security Advisory at http://www.entercept.com/news/uspr/08-12-02.asp or on the CERT Website: http://www.cert.org/advisories/CA-2002-26.html.

Entercept stays ahead of malicious attack techniques by examining current and future avenues of intrusion and building this knowledge into Entercept's flagship intrusion prevention solution. Entercept's Ricochet Team advises enterprises to deploy the vendor patches as soon as possible and adhere to a defense-in-depth security strategy that includes proactive, best-of-breed solutions like Entercept.

About the Entercept Ricochet Team

Entercept's Ricochet team is a specialized group of security researchers dedicated to identifying, assessing, and evaluating intelligence regarding server threats. The Ricochet team researches current and future avenues of attack and builds this knowledge into Entercept's intrusion prevention solution. Ricochet is dedicated to providing critical, viable security content via security advisories and technical briefs. This content is designed to educate organizations and security professionals about the nature and severity of Internet security threats, vulnerabilities and exploits.

About Entercept Security Technologies

Entercept Security Technologies is the proven leader in intrusion prevention software. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks. Unlike other security solutions, Entercept uses a combination of behavioral rules and signatures to proactively prevent attacks rather than merely detecting and reporting them after they occur. Strategic partners include Cisco, Check Point, Foundstone and other leading companies. Entercept has received numerous awards and industry recognition, including Network Magazine's 2002 & 2001 Product of the Year, Fortune Small Business Magazine's `65 Big Ideas List,' SC Magazine's `Best Pick of the Year 2000 and 2001,' InfoWorld magazine's `Business Impact of the Year Award,' and InfoWorld magazine's Readers Choice `Security Product of the Year.' Entercept Security Technologies (www.entercept.com) is headquartered in San Jose, Calif., and can be reached by calling 408/576-5900, or toll-free at 800/599-3200. Entercept's European offices can be reached by calling 44-208-387-5500.
COPYRIGHT 2002 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Date:Aug 12, 2002
Words:562
Previous Article:Activision Value Builds on Popular `Tycoon' Series With `Skateboard Park Tycoon World Tour 2003'.
Next Article:Hometown Auto Retailers Reports Second Quarter 2002 Results; Company Nears Completion of New Facility in Boston.
Topics:


Related Articles
Entercept Names Robert Mines as New SVP of Product Development; Veteran Security Executive to Bolster Product Roadmap and Lead Research Efforts.
Predictive Systems Joins Forces With Entercept to Tighten Enterprise Security.
Entercept Teams With Ascolta to Deliver Server-Based Intrusion Prevention Training for End-Users and Security Value-Add-Resellers.
ADVISORY/Entercept Stops the SQL Worm; Also known as: Microsoft SQL Spida Worm Propagation, Digispid.B.Worm, and SQLSnake.
Entercept Security Advisory/SEA SNMP - Buffer Overflow and Format String Vulnerabilities in Sun Solaris Discovered by Entercept Security.
Entercept Introduces Elite Security Squad -- The Ricochet Team; Intrusion Prevention Leader Provides In-Depth Analysis to Educate Enterprises About...
Symantec provides U.S. Department of Defense with security intelligence.
Vulnerability management technology: a powerful alternative to attack management for networks. (Storage Networking).
U.S. Department of Homeland Security announces partnership with Carnegie Mellon's CERT coordination center.
IBM Internet Security Systems shields customers from critical Microsoft vulnerabilities.

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters