RomPager 2.20 was released in December 1998 and is not susceptible to this problem. Users of affected equipment should contact the vendor of that equipment for fix information. Manufacturers of affected equipment should contact Allegro. Contact information for Allegro is available at http://www.allegrosoft.com
Allegro RomPager 2.10 Malformed URL Request DoS Vulnerability (EDBID:10237)
Allegro's RomPager is reported prone to a remote denial of service vulnerability.
If a specifically-malformed request is sent to Allegro's RomPager, it will crash, often crashing the parent device as well. In this manner, network hardware and possibly entire networks can be rendered unusable by any remote attacker using only a browser.
CVE : CVE-2000-0470
BID : 1290
Other references : OSVDB:1371
Nessus ID : 19304
The following example is made available by Seth Alan Woolley:
$ ping $ip_address # works
$ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$ip_address"'\r\nAuthenticate: " . 'A' x 1024 . "\r\n\r\n"' | nc "$ip_address" 80
$ ping $ip_address # doesn't work
Allegro RomPager Malformed Authentication Request DoS
Remote / Network Access
Denial of Service,
Loss of Availability
Allegro RomPager contains a flaw that may allow a remote denial of service. The issue is triggered when using a long value in the 'Authenticate' HTTP header of a request, and will result in loss of availability for the service.
Upgrade to version 2.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.