Bugtraq mailing list archives

USR Netserver 8/16 vulnerable to nestea attack
From: root () NETBG COM (Vesselin Mladenov)
Date: Mon, 26 Oct 1998 18:51:09 +0000


Three days ago I found out that USR Netserver 8/16 V.34, running version
2.0.14 OS, is vulnerable to the nestea DoS attack (for more info look in
http://www.rootshell.com).
I alarmed 3COM by sending them e-mail about the problem and the exact behaviour
of the NAS I was playing with.
They mailed me back, telling me that they appreciate that I have contacted them,
but unfortunately they are too busy to pay attention to my e-mail, so I was
redirected to the local technical support organization.
Well, I decided to forward the message to bugtraq - 'cause I'm sure the
response will be more rapid and they'll be no more too busy. :)

Here is the message, in general:

--------------------------------------------------
Hi,

I was playing with the old nestea program (http://www.rootshell.com) and I
decided to test if my netserver is vulnerable to that attack.
Unfortunately it turned out that it is.
The model is NETServer/8 V.34, OS version 4.0.14.
The error message netserver returned to me was:

 bla bla bla .../src/ppp_dsm.c Level CRITICAL: Buffer Alloc Error (3052) ES_NO_BUFMEM

After that the netserver stopped accepting user logins.
From logfile: "Connection was dropped for user UNKNOWN."

I use RADIUS authentication and accounting.

In 10% of cases netserver was completely dead. I attacked the NAS with 200
repetitions of nestea. If you increase the repetition number, you will not
have to run the nestea twice to kill the netserver completely.

I think that the problem is in the ppp_dsm.c module.
The module is quite buggy - there are other problems with it, but not as
serious as this one.

---------------------------------------------------

That's it.


---------------------------
Vesselin Mladenov
NetBG Ltd.
Phone: +3592-9744260
---------------------------
