Third Brigade's Intrusion Prevention System protects against Sendmail vulnerability

  <http://www.thirdbrigade.com/> 

 

FOR IMMEDIATE RELEASE

 

Third Brigade's Intrusion Prevention System protects enterprises from
critical Sendmail vulnerability affecting multiple platforms

 

Ottawa, ON and Reston, VA - March 24, 2006 -- Third Brigade, Inc. (
www.thirdbrigade.com <http://www.thirdbrigade.com/> ) today announced
that customers that have deployed Deep Security, its advanced Intrusion
Prevention System (IPS), are protected from attacks that could exploit a
vulnerability recently disclosed in Sendmail.

 

Sendmail contains a vulnerability that allows an attacker to remotely
compromise the machine on which it is running. This connection-oriented
vulnerability does not occur in the normal course of sending and
receiving email.  It is triggered when specific conditions are created
through SMTP connection layer commands. The vulnerability does not
require authentication and can be attempted repeatedly without crashing
the parent Sendmail process. Successful exploitation of this
vulnerability would allow an attacker to gain the privileges of the
Sendmail process running on a system, and run arbitrary commands and
code, subject to those privileges.   This could allow them to interfere
with email delivery, tamper with other programs and data on the systems,
or try to gain access to other systems on the same network. 

 

"Sendmail is a popular mail server and is included in many Linux and
UNIX platforms as well as being deployed in many cases on Windows
platforms," said Brian O'Higgins, CTO of Third Brigade, Inc. "Because
it's so widely used, this vulnerability is critical.  This is another
reminder that protection of multiple platform types and multiple
application types is a key requirement for intrusion prevention
solutions."

 

Third Brigade's advanced, host-based intrusion prevention system
provides effective, proactive protection for a wide range of
vulnerabilities that exist in open source and propriety software
applications.

 

Third Brigade customers automatically receive updates with the latest
filters that protect against the Sendmail and other vulnerabilities.
Third Brigade Deep Security proactively stops attacks before they impact
hosts, helps ensure compliance with industry regulations such as PCI
(including Visa CISP, Mastercard SDP), Sarbanes-Oxley, HIPAA, GLBA,
FISMA and corporate policies, reduces operating costs, and prevents
service disruptions caused by attacks.

 

For Third Brigade security dispatches on this security bulletin, click
here: http://www.thirdbrigade.com/security/dispatches.html

 

For more information on the Sendmail security bulletin, click here: 
http://www.sendmail.com/company/advisory/index.shtml 

 

For information on Third Brigade Deep Security, click here: 
http://www.thirdbrigade.com/products/index.html

 

About Third Brigade

Third Brigade specializes in providing intrusion prevention systems
(IPS) to health care, government, telecommunications, financial services
and other organizations that need to prevent attacks that exploit
vulnerabilities in commercial and custom software, including web
applications. It enables you to create and enforce comprehensive
security policies that proactively protect critical applications,
sensitive data, and hosts, ensure regulatory compliance, and maximize
the performance of your people, processes and hosts. Unlike other
intrusion prevention systems, Third Brigade's is not intrusive. It has
been architected from the ground-up for intrusion prevention, and is
smaller, faster and simpler. Third Brigade. That's control.

 

- ## -

 

For media and analyst inquiries only, contact:

Kathryn Schwab

Media and Analyst Relations

Third Brigade, Inc.

(T) 613-599-4505 x2238 (NEW)

(M) 613-858-4407

kathryn.schwab@thirdbrigade.com