[NEWS] Red-M Red-Alert Multiple Vulnerabilities
From: SecuriTeam (support_at_securiteam.com)
To: email@example.com Date: 12 Feb 2004 11:59:31 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Red-M Red-Alert Multiple Vulnerabilities
<http://www.red-m.com/Products/Default.asp#alert> Red-Alert "Monitors
Bluetooth and 802.11b wireless activity around the clock to detect
Several vulnerabilities have been found in the Red-Alert probe. As a
result, the probe could be reset or accessed by unauthorized users.
* Red-Alert with hardware version 2.7.5, software version 3.1 build 24
Any unauthenticated user can remotely reboot the Red-Alert appliance
through a malformed request to the web server. When a browser request is
longer than approximately 1230 bytes, the appliance reboots. Consequently,
all information is lost. Anything sent to the device's TCP port 80 longer
than approx. 1230 bytes reboots it, whether it's a valid request or not.
In order to test the vulnerability, issue the following request:
$ perl -e 'print "a"x1230 . "\r\n\r\n"| nc < device ip> 80
Probe Administration Authentication
The authentication of the probe administrator is bound to the user's IP
address. If multiple users are behind NAT or a proxy, any of those users
can access the administration GUI without restrictions after
authentication was successful by the admin. The authentication does, in
fact, expire after a few minutes of inactivity. However, since the events
popup page auto-refreshes itself the session will potentially never
Incorrect Identification Of Wireless Network With SSID Containing Multiple
If there are wireless networks detected by the probe with an SSID
containing multiple space (0x20) characters, the probe fails to correctly
identify them. For example, if a network has the SSID " ", the probe
will detect it as " "(single space character). Any sequence of multiple
space characters in any substring of the SSID are represented as one
single space character, which causes identification to fail.
The vendor has released a new frimware version.
The information has been provided by <mailto:firstname.lastname@example.org> Bruno
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: email@example.com
In order to subscribe to the mailing list, simply forward this email to: firstname.lastname@example.org
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.