Eeye IRIS Buffer Overflow Vulnerability
BID:1627
Info
Eeye IRIS Buffer Overflow Vulnerability
| Bugtraq ID: | 1627 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0734 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 31 2000 12:00AM |
| Updated: | Jul 11 2009 02:56AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list by Underground Security Systems Research (USSR Labs) on August 31, 2000. |
| Vulnerable: |
SpyNet CaptureNet 3.0.12 eEye Digital Security IRIS 1.0.1 |
| Not Vulnerable: | |
Discussion
Eeye IRIS Buffer Overflow Vulnerability
IRIS from eEye Digital Security is a protocol analyzer geared towards network management, it is currently in BETA. This product was formerly known as SpyNet CaptureNet. Certain versions of the this software are vulnerable to a remotely triggered buffer overflow attack. This attack is orchestrated by a malicious user launching multiple UDP sessions to random ports on the machine which IRIS resides on (and is in operation on). The net result of this buffer overflow is that the product ceases to function and may drive system resources to 100% before exiting. It may be possible that this overflow (a heap overflow according to the attached advisory) could result in a system compromise. No information indicating that this is the case has been released.
IRIS from eEye Digital Security is a protocol analyzer geared towards network management, it is currently in BETA. This product was formerly known as SpyNet CaptureNet. Certain versions of the this software are vulnerable to a remotely triggered buffer overflow attack. This attack is orchestrated by a malicious user launching multiple UDP sessions to random ports on the machine which IRIS resides on (and is in operation on). The net result of this buffer overflow is that the product ceases to function and may drive system resources to 100% before exiting. It may be possible that this overflow (a heap overflow according to the attached advisory) could result in a system compromise. No information indicating that this is the case has been released.
Exploit / POC
Solution / Fix
Eeye IRIS Buffer Overflow Vulnerability
Solution:
The vendor has provided both a statement on this issue (attached in the 'Credit' section) and a work around:
" The problem triggered by this "DoS" seems to result from filling packet buffers faster than Windows can paint them to the screen. If you are really worried about this, until Iris is out of beta and fixes the "problem", then we recommend you turn off Iris's Capture packet display feature and use Iris's decode view instead."
Solution:
The vendor has provided both a statement on this issue (attached in the 'Credit' section) and a work around:
" The problem triggered by this "DoS" seems to result from filling packet buffers faster than Windows can paint them to the screen. If you are really worried about this, until Iris is out of beta and fixes the "problem", then we recommend you turn off Iris's Capture packet display feature and use Iris's decode view instead."
References
Eeye IRIS Buffer Overflow Vulnerability
References:
References:
- eEye Digital Security Team Home Page (eEye)
- USSR Homepage (USSR Labs)