ABOUT SYMANTEC

Press Release

LinkedIn Facebook Twitter RSS

Symantec ManHunt's Protocol Anomaly Detects Sendmail Vulnerability

Customers Are Protected Against This Specific Exploit

CUPERTINO, Calif. - March 5, 2003 - Symantec Corp. (NASDAQ: SYMC), the world leader in Internet security, today announced that Symantec ManHunt's protocol anomaly detection technology detected the Sendmail Header Processing vulnerability, a remotely exploitable vulnerability in Sendmail, one of the most common e-mail servers. Symantec ManHunt customers have been protected against this specific exploit since its discovery without having to update the product.

"Symantec ManHunt's detection ability is one of its key strengths. In addition to classic signature capabilities, ManHunt also provides protocol anomaly detection, which looks for deviations from normal protocol behavior and detects novel attacks," said Frank Huerta, vice president, IDS product delivery at Symantec. "In this case, Symantec ManHunt's protocol anomaly detection detected the Sendmail exploit as a violation of the mail protocol. Our customers were alerted to the attack without having to update the product to protect against this specific vulnerability."

The remotely exploitable vulnerability was discovered in multiple versions of Sendmail. Remote attackers may gain root access (complete control) on affected SMTP servers. As SMTP servers are responsible for delivering and receiving e-mail, sensitive information may also be disclosed or tampered with by attackers. Sendmail is a widely used message transfer agent (MTA) for UNIX and Microsoft Windows systems.

Symantec ManHunt is an advanced network-based intrusion detection system that provides multiple detection methodologies to detect both known and unknown, or "zero day" attacks. ManHunt's core detection capability uses protocol anomaly detection, signature detection with custom signature support, traffic state profiling and statistical flow analysis to identify intrusions and denial of service attacks. ManHunt detects intrusions at speeds of up to 2 gigabits per second, dependent upon system configuration.

Symantec ManHunt is a key element of Symantec Enterprise Security, which provides any size organization with the technology, global response and services necessary to manage its information security. Symantec's comprehensive solution offers best-of-breed products to protect gateways, servers and clients with firewall security, virtual private networking (VPN), intrusion detection, vulnerability management and virus protection. Customers benefit from Symantec's global network of researchers that provide customers with around-the-clock, immediate response to any new security-related attacks. Symantec Enterprise Security customers are also supported by one of the largest professional security organizations in the world, offering security consulting, security education and managed security services. For more information, please visit Symantec's enterprise Web site at http://enterprisesecurity.symantec.com.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: : If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

@Symantec