Lucene search
K

bordermanager-dos.txt

🗓️ 09 Feb 2000 00:00:00Reported by Chicken ManType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 21 Views

BorderManager has a memory allocation error causing high CPU usage leading to crashes.

Code
`The issue also affects BorderManager 3.0 (sp2)  
running on NetWare 4.11 sp6a. I was able to  
replicate the memory allocation error but have not  
had any luck with obtaining the high CPU  
utilisation.  
  
Again, csatpxy.nlm is loaded by default on this  
system and unloading it stopped the memory  
allocation errors.  
  
  
matthew  
  
-----Original Message-----  
From: Chicken Man [mailto:[email protected]]  
Sent: Wednesday, 9 February 2000 11:59  
Subject: Novell BorderManager 3.5 Remote Slow  
Death  
  
  
On a (default) installation of BorderManager 3.5  
sp1, spc02 running on  
NetWare 5.0 sp3a with nici 1.3.1, telnet to port  
2000 on the firewall (on  
either the public or private interfaces) and hit  
enter a few times.  
Utilization will jump (to 67% on our systems), and  
the console will  
immediately report an error similar to the  
following:  
  
1-27-2000 9:34:47 am: SERVER-5.0-830  
[nmID=2000A]  
Short Term Memory Allocator is out of Memory.  
1 attempts to get more memory failed.  
  
The telnet session will not disconnect, unless you  
manually close the  
connection. Over the course of two days (every few  
minutes or so, YMMV) the error will repeat, with  
the number of attempts steadily increasing (by  
several million each time). Eventually (again, for  
us it was two days, YMMV) the firewall will deny  
all requests, and eventually crash completely.  
  
Further symptoms:  
  
Using tcpcon you can see something listening on  
port 2000. If the telnet  
session has been closed from the remote end,  
tcpcon reports that the  
previous session is in a "closewait" state. It may  
be possible to do more bad things since this entry  
never clears automatically (i.e. use up the rest  
of system resources by opening and closing  
connections to this port). It can be cleared using  
tcpcon.  
  
The misbehaving NLM is CSATPXY.NLM. It is the CS  
Audit Trail Proxy, which is apparently loaded by  
default on a BorderManager 3.5 install. From what  
various people tell me, it could also be installed  
on non-BorderManger Novell servers (though  
probably not by default) which means this  
vulnerability may extend beyond BorderManager 3.5.  
  
Novell was contacted regarding this and the answer  
was "unload the NLM".  
Unloading the NLM does stop the slow death.  
Rebooting will reload the NLM so it must be taken  
out of whatever loads it on boot, of course.  
  
<RANT>  
Why is the port even accessable from the outside  
(or the inside for that  
matter)? The default BorderManager packet  
filtering rules indictate that  
pretty much everything is being passed. Why is the  
NLM loaded by default?  
Tcpcon shows various other services running that  
shouldn't be either  
(chargen, echo, etc). Why? What other  
vulnerabilities am I missing?  
</RANT>  
  
enjoy,  
ChicknMon  
  
  
  
__________________________________________________  
____  
Get Your Private, Free Email at  
http://www.hotmail.com  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Feb 2000 00:00Current
7.4High risk
Vulners AI Score7.4
21