Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Networking Stack (NetWare)  >   NetWare Vendors:   Novell
Novell NetWare IPX Compatibility Port Allows Remote Users to Cause the System to Crash
SecurityTracker Alert ID:  1004243
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 8 2002
Impact:   Denial of service via network
Exploit Included:  Yes  

Description: warned that Novell NetWare is still vulnerable to a denial of service issue reported in July 2000. A remote user can cause a NetWare process to end abnormally (abend) or cause the server to crash and reboot.

It is reported that the IPX compatibility feature of NetWare contains a vulnerability in processing data on port 40193. A remote user can send random data or fragmented packets to the system to cause the SDMR.NLM process to abend or, in some cases, cause the system to reboot.

The vendor has reportedly been notified.

Impact:   A remote user can cause a NetWare process to abend or cause the entire system to reboot.
Solution:   No solution was available at the time of this entry.

The report indicates that the IPX-Compatibility feature should not be enabled on production servers.

Vendor URL: (Links to External Site)
Cause:   Exception handling error
Underlying OS Comments:  5.0 SP 5, 6.0 SP 1

Message History:   None.

 Source Message Contents

Subject: Security Vulnerability Report

Vulnerability Summary
Problem:           The IPX compatibility issue Posted to BugTraq on
                   July 11, 2000 by Dimuthu Parussalla applies to
                   Netware 6.0 SP 1 as well.

Threat:            An attacker could cause the SDMR.NLM to abend
                   and in some cases reboot the server. See bid
                   1467 for more information.

Affected Software: Novell Netware 6.0 SP 1.

Solution:          Taken from Bugtraq bid 1467.
                   "IPX-Compatibility should not be enabled on
                   production servers."

Disable IPX-Compatibility on production servers.

Additional Information
Novell was contacted 20020412.

This vulnerability was found and researched by

This document is also available at:


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC