usrnetserver.txt

17 Aug 1999 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

USR Netserver 8/16 is vulnerable to nestea DoS attack, causing critical buffer allocation errors.

Code
`  
[ http://www.rootshell.com/ ]  
  
Date: Mon, 26 Oct 1998 18:51:09 +0000  
From: Vesselin Mladenov <[email protected]>  
Subject: USR Netserver 8/16 vulnerable to nestea attack  
  
Three days ago I found out that USR Netserver 8/16 V.34, running version  
2.0.14 OS is vulnerable to nestea DoS attack (for more info lookup in  
http://www.rootshell.com). I alarmed 3COM by sending them e-mail about the  
problem and exact behaviour of the NAS I was playing with. They mailed me  
back, telling me that they appreciate I have contacted them, but  
unfortunately they are too busy to pay attention to my e-mail, so I was  
redirected to the local technical support organization. Well, I decided to  
forward the message to bugtraq - cause I'm sure the response will be more  
rapid and they'll be no more too busy. :)  
  
Here is the message, in general:  
  
--------------------------------------------------  
Hi,  
  
I was playing with old nestea program (http://www.rootshell.com) and I  
decided to test if my netserver is vulnerable to that attack.  
Unfortunately it turned out that it is.  
The model is NETServer/8 V.34, OS version 4.0.14.  
The error message netserver returned to me was:  
  
bla bla bla .../src/ppp_dsm.c Level CRITICAL: Buffer Alloc Error (3052) ES_NO_BUFMEM  
  
After that netserver stopped accepting user logins.  
From logfile: "Connection was dropped for user UNKNOWN."  
  
I use RADIUS authentication and accounting.  
  
In 10% of cases netserver was completely dead. I attacked the NAS with 200  
repetitions of nestea. If you increase the repetition number, you will not  
have to run the nestea twice to kill the netserver completely.  
  
I think that the problem is in ppp_dsm.c module.  
The module is quite buggy - there are other problems with it, but not so  
serious as this one.  
  
---------------------------------------------------  
  
That's it.  
  
  
---------------------------  
Vesselin Mladenov  
NetBG Ltd.  
Phone: +3592-9744260  
---------------------------  
  
`
