Bugtraq mailing list archives
Re: Novell BorderManager 3.5 Remote Slow Death
From: ronvdaal () SYNTONIC NET (Ron van Daal)
Date: Wed, 9 Feb 2000 13:53:50 +0100
Hello, I experienced the same problem with several servers running NetWare 5.0 sp4 and BorderManager 3.0 (Enterprise Edition). I discovered this bug a few months ago when doing a NMAP scan. When opening a telnet session to TCP port 2000 and hitting enter, the NetWare server gives the same Short Term MAlloc error you describe, with the difference that it starts with a few million attempts to get more memory. -- Ron van Daal | Syntonic Internet | tel. +31(0)46-4230738 ronvdaal () syntonic net | www.syntonic.net | fax. +31(0)46-4230739 On Wed, 9 Feb 2000, Chicken Man wrote:
1-27-2000 9:34:47 am: SERVER-5.0-830 [nmID=2000A] Short Term Memory Allocator is out of Memory. 1 attempts to get more memory failed. The telnet session will not disconnect, unless you manually close the connection. Over the course of two days (every few minutes or so, YMMV) the error will repeat, with the number of attempts steadily increasing (by several million each time). Eventually (again, for us it was two days, YMMV) the firewall will deny all requests, and eventually crash completely.
Our NetWare servers didn't crash, because I took the servers down after noticing the MAlloc error.
<RANT> Why is the port even accessable from the outside (or the inside for that matter)? The default BorderManager packet filtering rules indictate that pretty much everything is being passed. Why is the NLM loaded by default? Tcpcon shows various other services running that shouldn't be either (c27-2000 9:34:47 am: SERVER-5.0-830 [nmID=2000A] Short Term Memory Allocator is out of Memory. 1 attempts to get more memory failed.
I can't find any vulnerabilities in the other services (chargen, echo, discard, etc). Try FILTCFG.NLM to disable these services. -Ron
Current thread:
- Re: Fwd: CERT Advisory CA-2000-02, (continued)
- Re: Fwd: CERT Advisory CA-2000-02 Marc Slemko (Feb 03)
- Re: Fwd: CERT Advisory CA-2000-02 Henrik Nordstrom (Feb 05)
- Re: Fwd: CERT Advisory CA-2000-02 Byron Alley (Feb 07)
- Re: Fwd: CERT Advisory CA-2000-02 Len Budney (Feb 08)
- Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e Adam Gray (Feb 07)
- Re: Fwd: CERT Advisory CA-2000-02 Henri Torgemane (Feb 03)
- recent 'cross site scripting' CERT advisory Tim Hollebeek (Feb 04)
- Re: recent 'cross site scripting' CERT advisory Marc Slemko (Feb 05)
- Re: recent 'cross site scripting' CERT advisory Manuel Martin (Feb 08)
- Novell BorderManager 3.5 Remote Slow Death Chicken Man (Feb 08)
- Re: Novell BorderManager 3.5 Remote Slow Death Ron van Daal (Feb 09)
- Re: Novell BorderManager 3.5 Remote Slow Death Puchatek (Feb 11)
- Re: recent 'cross site scripting' CERT advisory Bill Thompson (Feb 06)
- Re: recent 'cross site scripting' CERT advisory Ari Gordon-Schlosberg (Feb 07)
- Re: recent 'cross site scripting' CERT advisory Taneli Huuskonen (Feb 07)
- Re: recent 'cross site scripting' CERT advisory Peter W (Feb 08)
- Re: recent 'cross site scripting' CERT advisory Mikael Olsson (Feb 08)
- Re: recent 'cross site scripting' CERT advisory Henri Torgemane (Feb 08)
- Re: 'cross site scripting' defenses flynngn () JMU EDU (Feb 06)
- Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Feb 04)
- Sprint PCS vulnerable to malicious tags Paul Schreiber (Feb 04)