Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Marc Maiffret (marcEEYE.COM)
Date: Mon Jan 22 2001 - 11:04:43 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    This indeed is a bug in Iris 1.01 beta and it has been fixed within Iris
    2.0. Iris 2.0 should be released within the next two days. All users of Iris
    1.01 are being contacted and sent a url to 2.0 once it is released.

    The one thing to note is that someone has to actually click and view the
    "evil" packet in order for Iris to crash. If you simply open iris and start
    sniffing and receive the "evil" packet, without clicking to view it, then
    Iris will not crash.

    Thanks much to grazer for contacting us prior to posting to Bugtraq so that
    we could work on a fix for this problem.

    Marc Maiffret
    Chief Hacking Officer
    eCompany / eEye

    | -----Original Message-----
    | From: Bugtraq List [mailto:BUGTRAQSECURITYFOCUS.COM]On Behalf Of grazer
    | Sent: Sunday, January 21, 2001 6:27 PM
    | Subject: eEye Iris the Network traffic analyser DoS
    | Hi there,
    | There exists a vulnerability that will cause the iris network
    | traffic analyser to hang.
    | I have included an exploit, that will demonstrate the bug, the
    | exploit will send a packet to the remote host,
    | when the remote host opens the packet (to examine it) iris will
    | quit, leaving an error message.
    | Sincerely yours,
    | Wouter ter Maat aka grazer
    | digit-labs information security
    | http://www.digit-labs.org