Ottawa, ON; Reston, VA (PRWEB) March 24, 2006
Third Brigade, Inc. (http://www.thirdbrigade.com) today announced that customers that have deployed Deep Security, its advanced Intrusion Prevention System (IPS), are protected from attacks that could exploit a vulnerability recently disclosed in Sendmail.
Sendmail contains a vulnerability that allows an attacker to remotely compromise the machine on which it is running. This connection-oriented vulnerability does not occur in the normal course of sending and receiving email. It is triggered when specific conditions are created through SMTP connection layer commands. The vulnerability does not require authentication and can be attempted repeatedly without crashing the parent sendmail process. Successful exploitation of this vulnerability would allow an attacker to gain the privileges of the sendmail process running on a system, and run arbitrary commands and code, subject to those privileges. This could allow them to interfere with email delivery, tamper with other programs and data on the systems, or try to gain access to other systems on the same network.
“Sendmail is a popular mail server and is included in many Linux and UNIX platforms as well as being deployed in many cases on Windows platforms,” said Brian O'Higgins, CTO of Third Brigade, Inc. “Because it’s so widely used, this vulnerability is critical. This is another reminder that protection of multiple platform types and multiple application types is a key requirement for intrusion prevention solutions.”
Third Brigade's advanced, host-based intrusion prevention system provides effective, proactive protection for a wide range of vulnerabilities that exist in open source and propriety software applications.
Third Brigade customers automatically receive updates with the latest filters that protect against the Sendmail and other vulnerabilities. Third Brigade Deep Security proactively stops attacks before they impact hosts, helps ensure compliance with industry regulations such as PCI (including Visa CISP, Mastercard SDP), Sarbanes-Oxley, HIPAA, GLBA, FISMA and corporate policies, reduces operating costs, and prevents service disruptions caused by attacks.
For Third Brigade security dispatches on this security bulletin, click here: http://www.thirdbrigade.com/security/dispatches.html
For more information on the Sendmail security bulletin, click here: http://www.sendmail.com/company/advisory/index.shtml
For information on Third Brigade Deep Security, click here: http://www.thirdbrigade.com/products/index.html
About Third Brigade
Third Brigade specializes in providing intrusion prevention systems (IPS) to health care, government, telecommunications, financial services and other organizations that need to prevent attacks that exploit vulnerabilities in commercial and custom software, including web applications. It enables you to create and enforce comprehensive security policies that proactively protect critical applications, sensitive data, and hosts, ensure regulatory compliance, and maximize the performance of your people, processes and hosts. Unlike other intrusion prevention systems, Third Brigade’s is not intrusive. It has been architected from the ground-up for intrusion prevention, and is smaller, faster and simpler. Third Brigade. That’s control.
For media and analyst inquiries only, contact:
Media and Analyst Relations
Third Brigade, Inc.
(T) 613-599-4505 x2238 (NEW)
# # #