Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Marc Maiffret (marcEEYE.COM)
Date: Mon Jan 22 2001 - 11:04:43 CST
This indeed is a bug in Iris 1.01 beta and it has been fixed within Iris
2.0. Iris 2.0 should be released within the next two days. All users of Iris
1.01 are being contacted and sent a url to 2.0 once it is released.
The one thing to note is that someone has to actually click and view the
"evil" packet in order for Iris to crash. If you simply open iris and start
sniffing and receive the "evil" packet, without clicking to view it, then
Iris will not crash.
Thanks much to grazer for contacting us prior to posting to Bugtraq so that
we could work on a fix for this problem.
Chief Hacking Officer
eCompany / eEye
| -----Original Message-----
| From: Bugtraq List [mailto:BUGTRAQSECURITYFOCUS.COM]On Behalf Of grazer
| Sent: Sunday, January 21, 2001 6:27 PM
| To: BUGTRAQSECURITYFOCUS.COM
| Subject: eEye Iris the Network traffic analyser DoS
| Hi there,
| There exists a vulnerability that will cause the iris network
| traffic analyser to hang.
| I have included an exploit, that will demonstrate the bug, the
| exploit will send a packet to the remote host,
| when the remote host opens the packet (to examine it) iris will
| quit, leaving an error message.
| Sincerely yours,
| Wouter ter Maat aka grazer
| digit-labs information security