[13788] in bugtraq
Re: Novell BorderManager 3.5 Remote Slow Death
daemon@ATHENA.MIT.EDU (Ron van Daal)
Wed Feb 9 12:33:10 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10002091319390.18030-100000@server.syntonic.net>
Date: Wed, 9 Feb 2000 13:53:50 +0100
Reply-To: Ron van Daal <ronvdaal@SYNTONIC.NET>
From: Ron van Daal <ronvdaal@SYNTONIC.NET>
X-To: Chicken Man <chicknmon@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000209005859.76287.qmail@hotmail.com>
Hello,
I experienced the same problem with several servers running NetWare 5.0
sp4 and BorderManager 3.0 (Enterprise Edition). I discovered this bug
a few months ago when doing a NMAP scan. When opening a telnet session
to TCP port 2000 and hitting enter, the NetWare server gives the same
Short Term MAlloc error you describe, with the difference that it starts
with a few million attempts to get more memory.
--
Ron van Daal | Syntonic Internet | tel. +31(0)46-4230738
ronvdaal@syntonic.net | www.syntonic.net | fax. +31(0)46-4230739
On Wed, 9 Feb 2000, Chicken Man wrote:
> 1-27-2000 9:34:47 am: SERVER-5.0-830 [nmID=2000A]
> Short Term Memory Allocator is out of Memory.
> 1 attempts to get more memory failed.
>
> The telnet session will not disconnect, unless you manually close the
> connection. Over the course of two days (every few minutes or so, YMMV) the
> error will repeat, with the number of attempts steadily increasing (by
> several million each time). Eventually (again, for us it was two days, YMMV)
> the firewall will deny all requests, and eventually crash completely.
Our NetWare servers didn't crash, because I took the servers down
after noticing the MAlloc error.
> <RANT>
> Why is the port even accessable from the outside (or the inside for that
> matter)? The default BorderManager packet filtering rules indictate that
> pretty much everything is being passed. Why is the NLM loaded by default?
> Tcpcon shows various other services running that shouldn't be either
> (c27-2000 9:34:47 am: SERVER-5.0-830 [nmID=2000A]
> Short Term Memory Allocator is out of Memory.
> 1 attempts to get more memory failed.
I can't find any vulnerabilities in the other services (chargen,
echo, discard, etc). Try FILTCFG.NLM to disable these services.
-Ron
