Sourcefire and iDEFENSE Deliver Detection for New Samba SMB Daemon Vulnerability
Monday, 20 December 2004Sourcefire, Inc., the world leader in real-time network defense, and iDEFENSE, the global leader in cyber threat intelligence solutions, today announced that their customers are the first who can detect the new Samba SMB daemon vulnerability announced earlier today. Through collaboration with iDEFENSE, the Sourcefire Vulnerability Research Team (VRT) received notice of this serious vulnerability and quickly determined that it is remotely exploitable.
Sourcefire and iDEFENSE customers received new rules for the Sourcefire 3D System and Snort IDS in conjunction with Samba's public notification of the vulnerability, allowing them to immediately protect their networks and preempt possible exploits.
To further support customers, Sourcefire's VRT has issued an advisory detailing how Sourcefire RNA can be leveraged to quickly find all potentially vulnerable SAMBA servers on a customer's network. Based on the customers security policy, the Sourcefire 3D System then automatically responds according to the ABC's of Defense - Alert, Block, Correct.
iDEFENSE has also issued a public advisory detailing the vulnerability. The cooperation between the two companies provided a fully integrated technology and intelligence solution that prevents hackers from compromising a customer's network.
Samba is a file and print serving system for heterogeneous networks. It is available for use as a service and client on UNIX/Linux systems and as a client for Microsoft Windows systems. Samba uses the SMB/CIFS protocols to allow communication between client and server. The SMB protocol contains many commands and is commonly used to control network devices and systems from a remote location.
A vulnerability exists in the way the smb daemon processes commands sent by a client system when accessing resources on the remote server. The problem exists in the allocation of memory, which can be exploited by an attacker to cause an integer overflow, possibly leading to the execution of arbitrary code on the affected system with the privileges of the user running the smbd process.
"This prompt protection demonstrates how cooperation between security companies, as well as a dual focus on intelligence and technology, is the best approach to defending against emerging threats," said Michael Sutton, director of iDEFENSE's vulnerability research. "In this instance we turned to Sourcefire because of its reputation for understanding the full disclosure process and the ability of its Vulnerability Research Team to create rules in real time."
"We are excited to be working with iDEFENSE and further investing in the expertise of our Vulnerability Research Team. Through relationships like this, Sourcefire is able to provide Sourcefire and Snort users with zero day detection for new vulnerabilities, greatly reducing their window of risk," said Martin Roesch, Sourcefire CTO and creator of Snort. "As perimeters dissolve and these types of vulnerabilities become more severe, Sourcefire's primary goal is to provide real-time protection against these threats."
Further information about this vulnerability and how to obtain Sourcefire or Snort Rules is available at http://www.sourcefire.com/services/advisories/sa121504.html. iDEFENSE's detailed advisory on the Samba vulnerability is at http://www.idefense.com/application/poi/display?id=165.
Sourcefire, Inc., Columbia
Kimberly Childers, 410-290-1616
kimberly.childers@sourcefire.com
or
iDEFENSE, Inc., Reston
Scott Schneider, 703-390-1230
press@idefense.com
or
Welz & Weisel Communications
Tony Welz, 703-323-6006
Tony@w2comm.com
or
Corporate Ink Public Relations
Adam Parken, 617-969-9192
aparken@corporateink.com
Source: Business Wire
All trademarks and copyrighted information contained herein are the property of their respective owners.
Related Articles
Recent Issues
|
