Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability
From: Iván Arce <core.lists.bugtraq () CORE-SDI COM>
Date: Mon, 4 Sep 2000 19:38:06 -0300

First, i'd like to say that i havent tested eEye's Iris, or USSRLabs
exploit and this email is not a follow up off the eEye vs USSRlabs
But something from Synnergy's email catched my attention:

Synnergy wrote:

Unless the reader is wearing some unique pair of magic goggles, the term
buffer overflow does -not- include "exploitable" unless it otherwise
Not all buffer overflow's are exploitable, but can be used to cause some
arbitary problem, such as a DoS. I am sure you are aware of this by now.
However, whether or not the problem is a result of a heap based overflow
remains to be seen. The excess packets sent cause the graphical display
to update quicker than it can handle, resulting in the error, from what I
can tell.

This is be all means WRONG. And it appears to be the current trend among
many computer security companies and experts.
In my opinion, the opposite approach should be taken with regards to
buffer overflows and any other bug for that matter.
A buffer overflow is exploitable by default, unless probed otherwise.

The problem with this is that probing that a buffer overflow is not
exploitable consumes a lot more resources than the other way around. And
thats probably why we see lots of 'advisories' mentioning denial of
service attacks  on several products where in fact, if more research was
thrown in, those bugs could actually be exploitable buffer overflows
let the attacker execute arbitrary code.


"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 It's nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarce () core-sdi com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central

--- For a personal reply use iarce () core-sdi com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]