Bugtraq mailing list archives

Re: Novell BorderManager 3.5 Remote Slow Death

From: puchatek () LAMERS PL (Puchatek)
Date: Fri, 11 Feb 2000 13:38:58 +0100


On Wed, 9 Feb 2000, Ron van Daal wrote:

Hello,

I experienced the same problem with several servers running NetWare 5.0
sp4 and BorderManager 3.0 (Enterprise Edition). I discovered this bug
a few months ago when doing a NMAP scan. When opening a telnet session
to TCP port 2000 and hitting enter, the NetWare server gives the same
Short Term MAlloc error you describe, with the difference that it starts
with a few million attempts to get more memory.

--
Ron van Daal          | Syntonic Internet | tel. +31(0)46-4230738
ronvdaal () syntonic net | www.syntonic.net  | fax. +31(0)46-4230739


I'v just tested this on NW 5.0 with sp4a and BM 3.5 sp1. Conection to
port 2000 is refused and server doesnt give Short Term MAlloc errors.
IMHO sp4a patched this error...

--
cyberpooh
puchatek () lamers pl
Im a life form born in the sea of information ...

Current thread:

Re: Fwd: CERT Advisory CA-2000-02, (continued)
- - - Re: Fwd: CERT Advisory CA-2000-02 Henrik Nordstrom (Feb 05)
    - Re: Fwd: CERT Advisory CA-2000-02 Byron Alley (Feb 07)
    - Re: Fwd: CERT Advisory CA-2000-02 Len Budney (Feb 08)
    - Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e Adam Gray (Feb 07)
    - Re: Fwd: CERT Advisory CA-2000-02 Henri Torgemane (Feb 03)
    - recent 'cross site scripting' CERT advisory Tim Hollebeek (Feb 04)
    - Re: recent 'cross site scripting' CERT advisory Marc Slemko (Feb 05)
    - Re: recent 'cross site scripting' CERT advisory Manuel Martin (Feb 08)
    - Novell BorderManager 3.5 Remote Slow Death Chicken Man (Feb 08)
    - Re: Novell BorderManager 3.5 Remote Slow Death Ron van Daal (Feb 09)
    - Re: Novell BorderManager 3.5 Remote Slow Death Puchatek (Feb 11)
    - Re: recent 'cross site scripting' CERT advisory Bill Thompson (Feb 06)
    - Re: recent 'cross site scripting' CERT advisory Ari Gordon-Schlosberg (Feb 07)
    - Re: recent 'cross site scripting' CERT advisory Taneli Huuskonen (Feb 07)
    - Re: recent 'cross site scripting' CERT advisory Peter W (Feb 08)
    - Re: recent 'cross site scripting' CERT advisory Mikael Olsson (Feb 08)
    - Re: recent 'cross site scripting' CERT advisory Henri Torgemane (Feb 08)
    - Re: 'cross site scripting' defenses flynngn () JMU EDU (Feb 06)
    - Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Feb 04)
    - Sprint PCS vulnerable to malicious tags Paul Schreiber (Feb 04)
  - Re: Bypass Virus Checking minus (Feb 03)

(Thread continues...)