[16553] in bugtraq

home help back first fref pref prev next nref lref last post

Re: Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet

daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Iv=E1n?= Arce)
Mon Sep 4 21:22:31 2000

MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID:  <39B3CCC3.1F621A96@core-sdi.com>
Date:         Mon, 4 Sep 2000 19:38:06 -0300
Reply-To: =?iso-8859-1?Q?Iv=E1n?= Arce <core.lists.bugtraq@CORE-SDI.COM>
From: =?iso-8859-1?Q?Iv=E1n?= Arce <core.lists.bugtraq@CORE-SDI.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

First, i'd like to say that i havent tested eEye's Iris, or USSRLabs
exploit and this email is not a follow up off the eEye vs USSRlabs
thread.
But something from Synnergy's email catched my attention:

Synnergy wrote:
>
>
> Unless the reader is wearing some unique pair of magic goggles, the term
> buffer overflow does -not- include "exploitable" unless it otherwise
> states.
> Not all buffer overflow's are exploitable, but can be used to cause some
> arbitary problem, such as a DoS. I am sure you are aware of this by now.
> However, whether or not the problem is a result of a heap based overflow
> remains to be seen. The excess packets sent cause the graphical display
> to update quicker than it can handle, resulting in the error, from what I
> can tell.
>

This is be all means WRONG. And it appears to be the current trend among
many computer security companies and experts.
In my opinion, the opposite approach should be taken with regards to
buffer overflows and any other bug for that matter.
A buffer overflow is exploitable by default, unless probed otherwise.

The problem with this is that probing that a buffer overflow is not
exploitable consumes a lot more resources than the other way around. And
thats probably why we see lots of 'advisories' mentioning denial of
service attacks  on several products where in fact, if more research was
thrown in, those bugs could actually be exploitable buffer overflows
that
let the attacker execute arbitrary code.

-ivan

--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 It's nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce


==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarce@core-sdi.com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarce@core-sdi.com

home help back first fref pref prev next nref lref last post