Vulnerability Development mailing list archives
Hardware Exploit - Gets network Down
From: netsec () GFI COM (netsec [davidv])
Date: Thu, 1 Jun 2000 15:53:16 +0200
Subject: Allegro-Software-RomPager/2.10 vulnerable to DoS Attack
Risk: Serious!

*Timescape*

/* Advisory TS002 -------------------------------------------

Allegro-Software-RomPager is an http server which is used in network hardware like switches to provide a web interface to remotely configure your hardware.

Recently I was bashing up a D-Link DES-3224+ ethernet switch and after submitting a number of invalid authentication requests to the Allegro-Software-RomPager installed on it I managed to freeze the whole switch, putting all the network down. It seems that sending an incorrect request to the switch will cause the http server to crash and then crashing the actual switch.

I only tested this on a D-Link DES-3224+; however, there are other companies which use the Allegro software for their devices. Companies which use it are (as on Allegro website):

3Com
Acacia Networks
AccessLan Communications
Agilent Corporation
American Power Conversion
Andover Controls Corporation
Casio
Cisco Systems
D-Link Systems, Inc.
eNote Corporation
Netopia Communications
Xerox

... and other companies at http://www.allegrosoft.com/innovators.html

This is rather serious, as if all these hardware items can be crashed by just an invalid request a typical blackhat can crash a whole company infrastructure in a couple of minutes. Also APC (American Power Supplies) use it and if anyone has a UPS of APC with RomPager try to test it out. I hope the RomPager does not have any control of the actual power supply.

I won't release any exploit apps. for now. Please email me of any hardware you may find which is exploitable so I can maintain a list.

Thanks to USSRlabs; Max Vision; rfp; Dragos and other people at the CanSecWest.

Timescape
EMAIL: vellad () kattare com

DISCLAIMER: I cannot

TS002---------------------------------------------*/