J-Security Center

Title: Iris GET Denial of Service Vulnerability

Severity: MODERATE

Description:

IRIS from eEye Digital Security is a protocol analyzer geared towards network management. Current versions are reportedly vulnerable to a denial of service attack.

A maliciously formed packet sent to Iris by a remote attacker will cause Iris to terminate when a user opens it in the program for analysis.

The crash is caused by Iris's inability to handle packets with malformed values in their headers.

It should be noted that in order to properly exploit this issue, the invalid packet must be opened by a user in Iris.

Affected Products:

  • eEye Digital Security IRIS 1.0.1
