Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Firewall)  >   BorderManager Vendors:   Novell
Novel Border Manager Firewall Can Be Crashed By Remote Users Sending Specially Crafted Packets to the FTP Proxy, IP/IPX Gateway, or RTSP Proxy Ports
SecurityTracker Alert ID:  1004241
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 8 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 3.6 SP 1a
Description: reported vulnerabilities in Novell's Border Manager firewall product. A remote user can cause denial of service conditions.

It is reported that a remote user can send specially crafted packets to the server to cause certain NetWare processes to end abnormally (abend) or to cause the server to crash, as described below.

A remote user can send a connection request to the Border Manager FTP proxy server and send a large amount of random data (approximately several Mbytes) to cause the server to stop processing tcp/ip packets for a period of time (approximately 10 to 20 seconds). If this is repeated multiple times (approximately 10 times), the server may permanently stop processing tcp/ip packets. A reboot may be required to return the system to normal operations.

A remote user can send a large amount of random data (approximately 2 Mbytes) to the ip/ipx gateway on tcp port 8225 to cause the nlm ipipxgw.nlm to abend.

A remote user can connect to the RTSP proxy running on port 9090 and send a GET request followed by six 'enter' strings (presumably CR/LF or CR or LF) to cause the proxy.nlm to abend.

The vendor has reportedly been notified but apparently has not been able to reproduce the vulnerabilities.

Impact:   A remote user can cause certain processes to abend and can cause the entire server to crash.
Solution:   No solution was available at the time of this entry.

As a workaround, the report recommends filtering incoming connections to the ports 21, 8225 and 9090.

Vendor URL: (Links to External Site)
Cause:   Exception handling error, Resource error
Underlying OS Comments:  Netware 6.0 SP 1

Message History:   None.

 Source Message Contents

Subject:  [VulnWatch] Security Vulnerability Report

Vulnerability Summary
Problem:           Multiple vulnerabilities identified in
                   Novell Border Manager 3.6. During our brief
                   look at Novell Border Manager 3.6, we have
                   identified three issues within the product.
                   The vulnerabilities will cause the handling
                   NLM to abend, and in some cases result in a
                   DOS of the Novell server.

Threat:            An attacker could prevent legitimate use of
                   the Novell server, by sending special crafted
                   information to the server.

Affected Software: Border Manager 3.6 SP 1a.

Platform:          Netware 6.0 SP 1 verified.

Vulnerability Description
The first vulnerability is within the FTP-proxy server of BM 3.6.
After issuing the connection request to the proxy an attacker could
send a couple of megs of random data, which would cause the server
to stop responding to tcp/ip for a while. The server will then start
answering tcp/ip traffic again after 10 to 20 seconds. If this is
repeated for ten times or so, our test environment stop responding
to tcp/ip alltogether, and the server had to be rebooted to regain
full functionability.

The second vulnerability is in the ip/ipx gateway on tcp port 8225.
If one would send approximately two megabytes of random data to this
port, the nlm ipipxgw.nlm will abend.

The third vulnerability is in the RTSP proxy running on port 9090.
One could cause the proxy.nlm to abend by simply connecting to the
port, issuing the command "GET" followed by six enters.

Filter incoming connections to the ports 21, 8225 and 9090. As soon
as patches become available, apply them.

Additional Information
Novell was contacted 20020412 and have been unable to reproduce the
issues up until today.

This vulnerability was found and researched by

This document is also available at:


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC