It seems that sending an incorrect request to the switch will cause the HTTP server to crash and then crash the actual switch. I only tested this on a D-Link DES-3224+; however, there are other companies which use the Allegro software for their devices.
Risk: Serious!
*Timescape*
Advisory TS002
Recently I was bashing up a D-Link DES-3224+ ethernet switch, and after submitting a number of invalid authentication requests to the Allegro-Software-RomPager installed on it, I managed to freeze the whole switch, putting all the network down.
Companies which use it are (as on Allegro website):
3Com
Acacia Networks
AccessLan Communications
Agilent Corporation
American Power Conversion
Andover Controls Corporation
Casio
Cisco Systems
D-Link Systems, Inc.
eNote Corporation
Netopia Communications
Xerox
... and others
at About Allegro Software
This is rather serious, as if all these hardware items can be crashed by just an invalid request, a typical blackhat can crash a whole company infrastructure in a couple of minutes.
Also APC (American Power Supplies) use it, and if anyone has a UPS of APC with RomPager, try to test it out. I hope the RomPager does not have any control of the actual power supply.
I won't release any exploit apps for now.
Please email me about any hardware you may find which is exploitable so I can maintain a list.
Thanks to USSRlabs; Max Vision; rfp; Dragos and other people at the CanSecWest.
Timescape
EMAIL: vellad@kattare.com