Cqure.net Security Advisory cqure.net.20020412.bordermanager_36_mv1.a - Three vulnerabilities were identified in Novell Border Manager 3.6. The vulnerabilities will cause the handling NLM to abend, and in some cases result in a denial of service to to Novell server.
f299bcf1188f4c8c7d32630643702fd962fc7a016d90a590fa5014a2d1f6d783cqure.net Security Vulnerability Report
No: cqure.net.20020412.bordermanager_36_mv1.a
==============================================
Vulnerability Summary
---------------------
Problem: Multiple vulnerabilities identified in
Novell Border Manager 3.6. During our brief
look at Novell Border Manager 3.6, we have
identified three issues within the product.
The vulnerabilities will cause the handling
NLM to abend, and in some cases result in a
DOS of the Novell server.
Threat: An attacker could prevent legitimate use of
the Novell server, by sending special crafted
information to the server.
Affected Software: Border Manager 3.6 SP 1a.
Platform: Netware 6.0 SP 1 verified.
Vulnerability Description
-------------------------
The first vulnerability is within the FTP-proxy server of BM 3.6.
After issuing the connection request to the proxy an attacker could
send a couple of megs of random data, which would cause the server
to stop responding to tcp/ip for a while. The server will then start
answering tcp/ip traffic again after 10 to 20 seconds. If this is
repeated for ten times or so, our test environment stop responding
to tcp/ip alltogether, and the server had to be rebooted to regain
full functionability.
The second vulnerability is in the ip/ipx gateway on tcp port 8225.
If one would send approximately two megabytes of random data to this
port, the nlm ipipxgw.nlm will abend.
The third vulnerability is in the RTSP proxy running on port 9090.
One could cause the proxy.nlm to abend by simply connecting to the
port, issuing the command "GET" followed by six enters.
Solution
--------
Filter incoming connections to the ports 21, 8225 and 9090. As soon
as patches become available, apply them.
Additional Information
----------------------
Novell was contacted 20020412 and have been unable to reproduce the
issues up until today.
This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik.karlsson@se.pwcglobal.com
jonas.landin@ixsecurity.com
This document is also available at: http://www.cqure.net/advisories/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed