Bugtraq mailing list archives

Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability

From: Iván Arce <core.lists.bugtraq () CORE-SDI COM>
Date: Mon, 4 Sep 2000 19:38:06 -0300

First, i'd like to say that i havent tested eEye's Iris, or USSRLabs
exploit and this email is not a follow up off the eEye vs USSRlabs
thread.
But something from Synnergy's email catched my attention:

Synnergy wrote:



Unless the reader is wearing some unique pair of magic goggles, the term
buffer overflow does -not- include "exploitable" unless it otherwise
states.
Not all buffer overflow's are exploitable, but can be used to cause some
arbitary problem, such as a DoS. I am sure you are aware of this by now.
However, whether or not the problem is a result of a heap based overflow
remains to be seen. The excess packets sent cause the graphical display
to update quicker than it can handle, resulting in the error, from what I
can tell.


This is be all means WRONG. And it appears to be the current trend among
many computer security companies and experts.
In my opinion, the opposite approach should be taken with regards to
buffer overflows and any other bug for that matter.
A buffer overflow is exploitable by default, unless probed otherwise.

The problem with this is that probing that a buffer overflow is not
exploitable consumes a lot more resources than the other way around. And
thats probably why we see lots of 'advisories' mentioning denial of
service attacks  on several products where in fact, if more research was
thrown in, those bugs could actually be exploitable buffer overflows
that
let the attacker execute arbitrary code.

-ivan

--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 It's nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce


==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarce () core-sdi com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarce () core-sdi com

Current thread:

Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability Dino Amato (Aug 31)
- Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability Marc Maiffret (Sep 01)
- <Possible follow-ups>
- Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability Jonathan Rickman (Sep 01)
- Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability Michael Davis (Sep 01)
- Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability Synnergy (Sep 02)
  - Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability Iván Arce (Sep 04)