Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

3Com's Zero Day Initiative alleviates first threat discovered through program

  • 13 October, 2005 11:28

<p>Zero Day Initiative Leads to Discovery and Patch of Vulnerability through Collaboration with Vendor; 3Com Protects Customers Before Flaw Disclosed Publicly</p>
<p>Sydney, Australia. – 13 October 2005 – 3Com and its TippingPoint division, today announced the first vulnerability disclosed through the Zero Day Initiative (ZDI) and worked closely with the affected vendor to issue a corresponding patch, eliminating the threat of a zero day attack. The vulnerability was discovered in Veritas NetBackup versions 4.5 through 6.0 from Symantec.</p>
<p>Upon obtaining the vulnerability information, 3Com immediately reported the threat to Symantec on 12 September, which in turn applied the necessary resources to address the vulnerability and issued the patch today. Shortly after reporting the threat to Symantec, 3Com customers using the TippingPointTM IPS were issued protection against zero day attacks targeting the Symantec vulnerability, and have been pre-emptively protected for nearly one month.</p>
<p>The Zero Day Initiative was launched by 3Com in July to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. Since the launch, over 150 researchers have registered for the program.</p>
<p>Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities, vulnerabilities that are unknown and for which there is no patch. 3Com notifies the affected vendor so a patch can be developed and the researcher agrees to keep the information confidential until the patch is issued so affected organisations are not at risk of attack. In addition to protecting all users from zero day threats by ensuring potentially harmful information is kept confidential until a patch is issued, TippingPoint customers are protected against exploits of zero day vulnerabilities through security filters delivered through the Digital Vaccine® service.</p>
<p>“The response we have received from launching ZDI has far exceeded our expectations,” said 3Com Chief Technology Officer Marc Willebeek-LeMair. “By harnessing the resources of the security community, we believe we have built the future model for security research and preemptive protection. We will continue to leverage our success to help benefit the entire security community by eliminating zero day threats, giving affected vendors time to patch and giving our customers preemptive protection via our intrusion prevention filters.”</p>
<p>Discovered by an independent researcher, this vulnerability allows remote attackers to execute arbitrary code on vulnerable NetBackup installations. This specific flaw exists within the bpjava-msvc daemon due to incorrect handling of format string data passed through the ‘COMMAND_LOGON_TO_MSERVER’ command. The vulnerable daemon listens on TCP port 13722 and affects both NetBackup clients and servers.</p>
<p>For more information on the Veritas vulnerability, please visit
http://www.zerodayinitiative.com/advisories/ZDI-05-001.html</p>
<p>About TippingPoint, a division of 3Com</p>
<p>TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with unrivalled economics, ultra-high performance, scalability and reliability. TippingPoint is based in
Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.</p>
<p>About 3Com Corporation</p>
<p>3Com Corporation (NASDAQ: COMS) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection for corporate enterprises, government agencies, service providers and academic institutions. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.</p>
<p>Copyright © 2005 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders.</p>
<p>###</p>
<p>For further information, please contact:
Felicity Harrigan
Red Agency
02 9955 7877
felicity.harrigan@redagency.com.au</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place