usrnetserver.txt

`  
[ http://www.rootshell.com/ ]  
  
Date: Mon, 26 Oct 1998 18:51:09 +0000  
From: Vesselin Mladenov <[email protected]>  
Subject: USR Netserver 8/16 vulnarable to nestea attack  
  
Three days ago I found out that USR Netserver 8/16 V.34, running version  
2.0.14 OS is vulnerable to nestea DoS attack (for more info lookup in  
http://www.rootshell.com). I alarmed 3COM by sending them e-mail about the  
problem and exact behaviour of the NAS I was playing with. They mailed me  
back, telling me that they appreciate I have contacted them, but  
unfortunatelly they are too busy to pay attention to my e-mail, so I was  
redirected to the local technical support organization. Well, I decided to  
forward the message to bugtraq - cause I'm sure the response will be more  
rapid and they'll be no more too busy. :)  
  
Here is the message, in general:  
  
--------------------------------------------------  
Hi,  
  
I was playing with old nestea program (http://www.rootshell.com) and I  
decided to test if my netserver is vulnarable to that attack.  
Unfortunatelly it turned out that it is.  
The model is NETServer/8 V.34, OS version 4.0.14.  
The error message netserver returned to me was:  
  
bla bla bla .../src/ppp_dsm.c Level CRITICAL: Buffer Alloc Error (3052) ES_NO_BUFMEM  
  
After that netserver stop accepting user logins.  
From logfile: "Connection was dropped for user UNKNOWN."  
  
I use RADIUS authentication and accounting.  
  
In 10% of cases netserver was completely dead. I attacked the NAS with 200  
repetitions of nestea. If you increase the repetition number, you will not  
have to run the nestea twice to kill the netserver completely.  
  
I thing that the problem is in ppp_dsm.c module.  
The module is quite buggy - there are other problems with it, but not so  
serious as this one.  
  
---------------------------------------------------  
  
That's it.  
  
  
---------------------------  
Vesselin Mladenov  
NetBG Ltd.  
Phone: +3592-9744260  
---------------------------  
  
`