Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

3Com's Zero Day Initiative issues advisory for Symantec vulnerabilities discovered through program

  • 29 March, 2006 16:41

<p>3Com Research Programs Lead to Discovery and Patch of Vulnerabilities through Collaboration with Vendor; 3Com Protects Customers Before Flaw Disclosed Publicly</p>
<p>Sydney, Australia – 29 March, 2006 – 3Com and its TippingPoint division announced three new vulnerabilities in Symantec’s VERITAS NetBackup. Two of the vulnerabilities were discovered and disclosed through the Zero Day Initiative (ZDI), and one was discovered through the TippingPoint Security Research Team. Through ZDI, 3Com notified Symantec of the vulnerabilities, who worked quickly to issue corresponding patches yesterday, eliminating the threat of a zero day attack. The Symantec buffer overflow vulnerabilities could allow an attacker to execute code, resulting in the compromise of vulnerable clients and servers running the affected software.</p>
<p>Upon validating the vulnerability information, 3Com reported the first vulnerability to Symantec in December. The other two vulnerabilities were validated and reported to Symantec in January. Upon notification, Symantec applied the necessary resources to address the vulnerabilities and issued the patch today. 3Com customers using the TippingPoint Intrusion Prevention System (IPS) have been preemptively protected against potential zero day attacks targeting the vulnerability since the vendor was notified.</p>
<p>The Zero Day Initiative was launched by 3Com in July to enable the responsible disclosure of vulnerabilities in order to make technology more secure for users and businesses. Zero day vulnerability is one that is unknown or one that has been publicly disclosed without a corresponding patch or solution. Since the launch, over 300 researchers have registered for the program.</p>
<p>Through the program, 3Com rewards security researchers for responsibly informing 3Com of newly discovered zero day vulnerabilities. 3Com notifies the affected vendor so a patch can be developed and the researcher agrees to keep the information confidential until the patch is issued so affected organisations are not at risk of attack. In addition to protecting all users from zero day threats by ensuring potentially harmful information is kept confidential until a patch is issued, TippingPoint customers are protected against exploits of zero day vulnerabilities through security filters delivered through the Digital Vaccine service.</p>
<p>Symantec’s advisory credits 3Com with the discovery, stating, “Symantec thanks 3Com for reporting these issues and for providing full coordination under responsible disclosure while Symantec resolved them.”</p>
<p>For a full list of ZDI advisories and specific information on the Symantec vulnerabilities, please visit: http://www.zerodayinitiative.com/advisories.html.</p>
<p>About TippingPoint, a division of 3Com
TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.</p>
<p>About 3Com Corporation
3Com Corporation (NASDAQ: COMS) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection for corporate enterprises, government agencies, service providers and academic institutions. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.</p>
<p>Copyright © 2006 3Com Corporation. 3Com, the 3Com logo and Digital Vaccine are registered trademarks and TippingPoint is a trademark of 3Com Corporation or its subsidiaries. All other company and product names may be trademarks of their respective holders.</p>
<p>Media queries:</p>
<p>Liana Teo
Public Relations Manager, Asia Pacific
3Com Corporation
Phone: (65) 6213 5990
Mobile: (65) 9796 5500
Email: liana_teo@3com.com</p>
<p>Gerard Mansour
Red Agency
(+61) 02 9955 7877
gerard.mansour@redagency.com.au</p>

Most Popular

Market Place