PGP Security's COVERT Labs Discover High-Risk Vulnerabilities in Internet File Transfers

Vulnerabilities Allow Remote Attackers to Compromise Servers Resulting in Data Theft, Network Intrusions or Web Site Defacement



Apr 10, 2001, 01:00 ET from Network Associates, Inc.

    SANTA CLARA, Calif., April 10 /PRNewswire/ -- The COVERT Labs (Computer
 Vulnerability Emergency Response Team) at PGP Security, a
 Network Associates Company (Nasdaq: NETA), today announced the discovery of
 high-risk vulnerabilities in File Transfer Protocol (FTP) servers on multiple
 platforms including those from Sun Microsystems, SGI and Hewlett Packard.  FTP
 servers are utilized by more than 90 percent of enterprise networks to share
 data with employees, partners and customers.  This vulnerability could affect
 a significant portion of those networks and allow a remote attacker to
 completely compromise vulnerable systems, leading to data theft, network
 intrusions or web site defacement.
     FTP is the primary method of transferring files over the Internet and is
 running on many servers in their default configurations.  When attempting to
 match filename patterns (partial names that include special characters to
 indicate a pattern, rather than a specific file), most FTP servers rely on a
 function called "glob()" to resolve these into matching filenames.
 Vulnerabilities in the way many popular FTP servers expand these special
 characters could allow an attacker to introduce hostile code and potentially
 take complete control of the server.
     "In addition to the threat of data loss or attacks against private
 networks, many web server administrators rely on FTP to post web content to
 their web servers," said Jim Magdych, manager of the COVERT Labs at PGP
 Security.  "These vulnerabilities could offer an easy avenue of approach for
 an attacker intent on defacing web sites."
     After identifying these problems, the COVERT Labs team quickly moved to
 notify vendors of the threat and provide additional information so patches
 could be prepared.  For more information on these issues, including patch
 details and a comprehensive analysis of these vulnerabilities, please visit
 www.pgp.com.
     PGP Security's CyberCop Scanner product has been updated to detect
 this vulnerability.  The CyberCop Scanner solution is a risk assessment tool
 that isolates security flaws to help prevent intruders from accessing a
 corporation's mission-critical data.  Incorporating tests for over
 800 vulnerabilities, including thorough network perimeter audits of firewalls
 and routers, the CyberCop Scanner software identifies weaknesses and helps
 enforce corporate security policies.  The product is continuously updated
 through research performed by PGP Security's COVERT Labs, ensuring that the
 latest vulnerabilities are detected.
     COVERT Labs, a part of the PGP Security business unit of Network
 Associates, identifies and works to resolve serious vulnerabilities before
 attackers are able to exploit them.  Research is focused on widely used
 products and mission-critical services where a vulnerability could affect a
 large number of users.  By working closely with product vendors, the COVERT
 Labs at PGP Security help to secure networks and systems around the world.
     PGP Security, a Network Associates company, is a worldwide leader in
 products and services focusing on solving privacy and data confidentiality
 issues, and has a strong history of setting security industry standards.  PGP
 Security's breadth of security products, including firewall, encryption,
 intrusion detection, risk assessment and VPN technologies, address the full
 range of security and privacy issues, anywhere information is transmitted or
 stored.  PGP Security's products secure over seven million users and include
 several of the industry's well-known security brands, including Gauntlet
 Firewall and VPN, PGP Data Security, CyberCop Scanner, and PGP e-ppliances.
 PGP Security's COVERT research team identifies and works to resolve serious
 vulnerabilities before attackers are able to exploit them.  The findings are
 incorporated into the product offerings, ensuring protection from the latest
 vulnerabilities.  For more information and software evaluations, visit
 http://www.pgp.com .
 
     About Network Associates
     With headquarters in Santa Clara, Calif., Network Associates, Inc. is a
 leading supplier of security and availability solutions for e-businesses.
 Network Associates is comprised of four business units:  McAfee, delivering
 world class anti-virus products; PGP Security, providing firewall, intrusion
 detection and encryption products; Sniffer Technologies, a leader in network
 and application management; and Magic Solutions, providing web-based service
 desk solutions.  For more information, Network Associates can be reached at
 972-308-9960 or on the Internet at http://www.nai.com .
     NOTE:  Network Associates, PGP, McAfee, Sniffer, Gauntlet, CyberCop,
 CyberCop Scanner, CyberCop Monitor, WebShield and Magic Solutions are
 registered trademarks of Network Associates, Inc. and/or its affiliates in the
 U.S. and/or other countries.  All other registered and unregistered trademarks
 in this document are the sole property of their respective owners.
 
 

SOURCE Network Associates, Inc.

RELATED LINKS

http://www.mcafee.com