Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

novell-iwc-DoS.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 39 Views

Denial of Service found in Novell Intranetware Client 3.0.0.0 affecting Windows 95 and 98 systems.

Code
`Date: Wed, 30 Dec 1998 21:27:02 -0500  
From: SecureXpert DIRECT Sender <[email protected]>  
To: [email protected]  
Subject: SecureXpert Labs Advisory [SX-98.12.30-01]  
  
SecureXpert Labs Advisory [SX-98.12.30-01]  
This advisory updates advisory [SX-98.12.23-01]  
  
DoS vulnerability in Novell Intranetware Client 3.0.0.0  
  
Reported by: SecureXpert Labs  
  
  
WARNING: this information is based on early analysis. The subject matter  
is still the subject of active research by SecureXpert Labs and others.  
Legal: www.securexpert.com/legal.html  
  
  
Summary  
  
The previously reported Denial of Service vulnerability in Microsoft  
Windows 98 has proven upon further investigation NOT to be a vulnerability  
in the Microsoft Windows 98 product. Microsoft Windows 98, in a default  
installation without third-party software, is not vulnerable to the attack  
reported in [SX-98.12.30-01].  
  
However, a vulnerability exists in the Novell Intranetware Client version  
3.0.0.0 (as distributed with Novell Netware 5) which affects all Windows  
95 and Windows 98 systems on which the Novell Intranetware Client version  
3.0.0.0 is installed.  
  
Windows 95 and Windows 98 systems with the Novell Intranetware Client  
installed experience a critical error (Blue Screen) when scanned with the  
popular port-scanner tool "nmap" (http://www.insecure.org/nmap) in  
"half-open" scanning mode (-sS).  
  
Specifically, the vulnerable service in the Intranetware client is the SLP  
Request service on TCP port 427. The command "nmap -sS -p427 target.com",  
which scans only port 427 on the target system with a TCP half-open  
sequence, causes an immediate Blue Screen condition. This condition is  
recoverable; however subsequently the affected system loses all TCP  
network connectivity. Similarly, any "nmap -sS" scan which includes port  
427 in the range of scanned ports causes the same fault (on most systems  
this includes the default scan with no ports specified).  
  
The nmap tool includes features which permit it to scan large regions of  
Internet address space. Any Windows 95 or Windows 98 systems with the  
Novell Intranetware Client installed found within any scanned region will  
be affected.  
  
Novell Inc. and Microsoft Corp. have received advance notice of this  
vulnerability.  
  
SecureXpert Labs wishes to thank Bruce Allison of Obsidian Networks for  
his valuable assistance in the reproduction of this vulnerability.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
denial of servicenovell intranetware clientwindows 95windows 98blue screenport-scannertcp port 427.
39