Re: eEye Iris the Network traffic analyser DoS

[Marc Maiffret <marc () eeye com>]

This indeed is a bug in Iris 1.01 beta and it has been fixed within Iris
2.0. Iris 2.0 should be released within the next two days. All users of Iris
1.01 are being contacted and sent a url to 2.0 once it is released.

The one thing to note is that someone has to actually click and view the
"evil" packet in order for Iris to crash.  If you simply open iris and start
sniffing and receive the "evil" packet, without clicking to view it, then
Iris will not crash.

Thanks much to grazer for contacting us prior to posting to Bugtraq so that
we could work on a fix for this problem.

Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com


| -----Original Message-----
| From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of grazer
| Sent: Sunday, January 21, 2001 6:27 PM
| To: BUGTRAQ () SECURITYFOCUS COM
| Subject: eEye Iris the Network traffic analyser DoS
|
|
| Hi there,
|
| There exists a vulnerability that will cause the iris network
| traffic analyser to hang.
| I have included an exploit, that will demonstrate the bug, the
| exploit will send a packet to the remote host,
| when the remote host opens the packet (to examine it) iris will
| quit, leaving an error message.
|
| Sincerely yours,
|
| Wouter ter Maat aka grazer
| digit-labs information security
| http://www.digit-labs.org
|
|