SANTA CLARA, Calif., July 18 - Network Associates, Inc., (NYSE: NET), the leading provider of intrusion prevention solutions, today announced that it is providing complete system and network protection for the recently discovered Cisco IOS and Microsoft RPC vulnerabilities with its McAfee IntruShield(R), McAfee Entercept(R) and Sniffer(R) Network Protection Platform technologies. Network Associates is recommending that users deploy these technologies to identify and block attempts to exploit these vulnerabilities.
Customers utilizing the complete array of McAfee System and Network protection solutions should feel confident that:
- McAfee Entercept solutions stop attacks against the Microsoft RPC exploit because of its first and only patented buffer overflow technology
- McAfee IntruShield stops the Cisco IOS vulnerability enabling companies to be safe now rather than rushing a major upgrade to their Cisco routers and switches
- Sniffer Technologies filters can be used to alert managers to the presence of the malicious traffic used to exploit the Cisco IOS vulnerability
- InfiniStream Security Forensics can be used to mine and reconstruct malicious traffic that was directed at specific routers
Network Associates' McAfee(R) Protection-in-Depth(TM) Strategy delivers the industry's only complete set of system and network protection solutions differentiated by intrusion prevention technology that can detect and block these types of attacks. Under this protected umbrella, users can plan and install the appropriate patches available from Cisco and Microsoft.
Microsoft RPC Interface Buffer Overflow
Microsoft recently published an advisory regarding a buffer overflow vulnerability present in the Windows RPC Service. The RPC service provides remote procedure calls between objects executing on two remote machines running the Windows operating system.
SCOPE
An attacker can exploit this vulnerability by crafting a specifically malformed RPC packet and sending it to a vulnerable server. The attacker will need access to the vulnerable server RPC interface that is located at port 135.
A malicious attacker may use this vulnerability to execute code of his choice on the victim machine. Since the RPC service executes with system privileges, an attacker executing code as the result of this attack can fully compromise the vulnerable server.
VERSIONS AFFECTED
Windows NT 4.0
Windows 2000
SOLUTION
McAfee Entercept provides patented protection against code execution as a result of buffer overflows and prevents the exploitation of the RPC Interface buffer overflow vulnerability.
Cisco IOS Vulnerability
Cisco Systems has recently published an advisory stating that Cisco routers and switches running Cisco Internetwork Operating System (IOS) software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a remote denial of service (DoS) attack.
SCOPE
By sending specially crafted IPv4 packets to an interface on a vulnerable device, an attacker can cause the device to stop processing packets destined for that interface. No alarms will be triggered, nor will the router reload to correct itself. This issue can affect all Cisco devices running Cisco IOS software.
This vulnerability may be exploited repeatedly, resulting in loss of availability until a workaround has been applied or the device has been upgraded to a fixed version of the IOS.
VERSIONS AFFECTED
Cisco IOS 11.x
Cisco IOS 12.0, 12.1, 12.2
Devices that are only running Internet Protocol version 6 (IPv6) are not affected by this vulnerability.
SOLUTION
McAfee IntruShield users with the 1.5.8.4 signature set and the 1.5.19 Sensor Image will be alerted to attacks exploiting this vulnerability. The IntruShield Manager will display a "Cisco: IOS Protocol DoS" alert when this exploit is detected. IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets to prevent these attacks.
The Sniffer engineering team has created two filters that enable customers with Sniffer Distributed or Sniffer Portable to detect if attempts are being made to exploit the Cisco IOS vulnerability. Additionally, customers can use Sniffer Distributed and InfiniStream Security Forensics to monitor the network, from the edge to the core, to detect events that may trigger these vulnerabilities.
Network Associates recommends that users affected by these vulnerabilities deploy the necessary patches and continue to adhere to both Microsoft's and Cisco's security recommendations. Users affected by the Microsoft RPC buffer overflow should update their systems with Microsoft patch 823980, available on the Microsoft web site at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp and restart the server. Users affected by the Cisco IOS vulnerability should update their systems with patches available on the Cisco web site at: http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml and restart the server.
Network Associates has immediately begun a customer outreach program through PrimeSupport(R) to help customers ensure that their systems and networks are protected from the Microsoft RPC and Cisco IOS vulnerabilities. Information on the Network Associates technologies to provide complete system and network protection can be found online at the Network Associates site located at http://www.networkassociates.com.
McAfee Entercept(R) is a part of Network Associates' McAfee Systems Protection Solutions family of products, and offers market leading technology to deliver intrusion prevention systems for servers, databases and web servers. McAfee Entercept(R) technology analyzes application behavior and blocks suspicious activity. Its cutting-edge ability was demonstrated when it stopped Slammer, Code Red and Nimda immediately.
McAfee(R) IntruShield(R), a part of Network Associates' McAfee Network Protection Solutions family of products, is a unique cutting-edge technology that prevents intrusions "on the wire" before they hit critical systems. Highly automated and easily managed, McAfee IntruShield(R) is designed with such flexibility that it can be implemented in a phased approach -- that overcomes the false positives inherent with today's legacy intrusion detection systems -- and thus enables you to develop the right policy for blocking in your unique IT infrastructure. For example, you can deploy in-line to notify and block known attacks, and to notify-only on unknown attacks. Or you can implement complete blocking but just for business-critical network segments. IntruShield(R) is delivered in a high-speed appliance which is able to scan traffic and assess threat levels with blinding speed, even on gigabit networks. It can be use
Sniffer Network Protection products are a part of Network Associates' McAfee Network Protection Solutions family of products, and deliver network, security, and application management solutions designed to ensure optimal business uptime and availability. Supporting the widest range of network topologies in the industry, the Sniffer products enable enterprises, small to medium businesses, and service providers worldwide to effectively keep their networks and applications up and running at peak performance, 24x7. As one of the most trusted providers of monitoring, troubleshooting, and network visualization solutions, Sniffer products are designed to meet the demanding availability and security requirements of organizations' Web sites; Internet applications; converged voice, video, and data networks; wireless local area networks (LANs); and high speed switched and optical networks. For more information on Sniffer Network Protection pr
About Network Associates
With headquarters in Santa Clara, Calif., Network Associates, Inc creates best-of-breed computer security solutions that prevent intrusions on networks and protect computer systems from the next generation of blended attacks and threats. Offering two families of products, McAfee System Protection Solutions, securing desktops and servers, and McAfee Network Protection Solutions, ensuring the protection and performance of the corporate network, Network Associates offers computer security to large enterprises, governments, small and medium sized businesses, and consumers. These two product portfolios incorporate Network Associates' leading McAfee Security, Sniffer Technologies and Magic Solutions product lines. For more information, Network Associates can be reached at 972-963-8000 or on the Internet at http://www.networkassociates.com/ .
# # #
For more information:
Ezra van Tiel
Applied Communications
T: 020 531 3738
E: ezra@appliedcom.com
Patrick Aalbers
Network Associates
T: 020 586 6264
E: patrick_aalbers@nai.com
NOTE: Network Associates, McAfee, Sniffer, Magic Solutions, IntruShield, Entercept and PrimeSupport are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. Sniffer(R) brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners.