Re: FW: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12 Vulnerability

[bind <bind () SUBTERRAIN NET>]

  Just to reaffirm the vulnerability found.  I recently tested this on my
test network against a pentium II 400 MHz with 64 Mb ram running Iris.  Using
the code provided by USSR labs, I was able to see the program crash after one
minute of flooding.

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12
> Vulnerability
>
> USSR Advisory Code:  USSR-2000052
>
> Release Date:
> August 31, 2000
>
> Systems Affected:
> Eeye Iris 1.01
> SpyNet CaptureNet v3.12
>
>
> THE PROBLEM:
>
> The Ussr Team has found a problem in Eeye IRIS 1.01, There is a heap
> memory buffer o
> verflow in IRIS 1.01 that causes not only this network sniffing
> program to crash,
> but also to take system resources up to 100% usage, until it crashes.
>
> The vulnerability arises after sending multiple udp connection to
> random ports
> on the host that IRIS or SpyNet CaptureNet is running.
>
> The results of this will cause the following crash:
> http://www.ussrback.com/iriscrash.jpg
>
>
> SPECIAL NOTE:
> That we take no responsibility for this code it is for educational
> purposes only.
>
> D.O.S Code:
> Binary or source (console win32)
>
> http://www.ussrback.com/iris101d.zip
>
>
> Vendor Status:
> Send me the advisory if you want, otherwise your wasting my fucking
> time.
>
> Signed,
> Marc Maiffret
> Chief Hacking Officer
> eCompany / eEye
> T.949.349.9062
> F.949.349.9538
> http://eEye.com
>
>
> SOLUTION:
> Install Free Ethereal for win32, Ethereal is Open Source software
> released under the GNU
> General Public License. and it does the same thing
> http://ethereal.zing.org/ ,or wait untill
> Eeye fix this kind of attack.
>
> Vendor   Url: http://www.eeye.com
> Program  Url: http://www.eeye.com/html/Products/Iris/overview.html
> Download Url: http://www.eeye.com/iris/iris101.exe
> SpyNet   Url:
> http://packetstorm.securify.com/sniffers/spynet/spynet312.exe
>
> Related Links:
>
> Underground Security Systems Research:
> http://www.ussrback.com
>
> CrunchSp Product:
> http://www.crunchsp.com
>
>
> To all of you security and hacking related enthusiasts out there,
> come chat with us on our own IRC server:
>
> irc.ussrback.com port: 6667 #ussrback
>
>
> About:
>
> USSR is a young company based in South America devoted to
> research about computers, network security, and software
> protection systems
> One of the main objectives of USSR is to develop and implement new
> security and protection systems based on our knowledge and
> experience.
>
> However, we believe that the way we implement security solutions,
> can make a difference, CrunchSP is a good example.
> In our day to day research we detect vulnerability issues in
> different applications that we publish on our advisory board.
>
> Most of USSR programmers and partners have more than 12 years
> of experience in different computer based applications, with
> great knowledge in high and low level programming languages.
>
> For further information on USSR, feel free to contact us by email.
>
> USSR has assembled some of the worlds greatest software developers
> and security consultants to help us provide our customers this great
> range of security services:
>
> * Network Penetration Testing
> * Security Application development
> * Application Security Testing and Certification
> * Security Based on Security Tools
> * Cryptography
> * Emergency Response Team
> * Firewalling
> * Virtual Private Networking
> * Intrusion Detection
> * Support and maintenance
>
> Copyright (c) 1999-2000 Underground Security Systems Research.
> Permission is hereby granted for the redistribution of this alert
> electronically. It is not to be edited in any way without explicit
> consent of Ussr. If you wish to reprint whole or any part of this
> alert in any other medium excluding electronic medium, please e-mail
> labs () ussrback com for permission.
>
> Disclaimer:
> The information within this paper may change without notice. We may
> not be held responsible for the use and/or potential effects of these
> programs or advisories.  Use them and read them at your own risk or
> not at all. You solely are responsible for this judgement.
>
> Feedback:
> Please send suggestions, updates, and comments to:
>
> Underground Security Systems Research
> mail:labs () ussrback com
> http://www.ussrback.com
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOa5PeK3JcbWNj6DDEQIU0QCfWBt/u6Qe03pIKAf47RrpAndFqGsAn0zJ
> uRecpEpwTyb6M5sP5qorrlTT
> =77rI
> -----END PGP SIGNATURE-----