Novell BorderManager connection table denial of service

novell-bordermanager-conntable-dos (9062) The risk level is classified as MediumMedium Risk

Description:

Novell BorderManager is vulnerable to a denial of service attack. If a remote attacker establishes multiple connections to addresses that the software does have routing information for, the connection table would fill up, which would prevent any further connections from being made.


Consequences:

Denial of Service

Remedy:

No remedy available as of August 1, 2014.

References:

  • BugTraq Mailing List, Fri May 10 2002 - 13:05:26 CDT: Re: cqure.net.20020412.bordermanager_36_mv1.a.
  • BID-4726: Novell BorderManager Connection Table Denial of Service Vulnerability
  • CVE-2002-0782: Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
  • OSVDB ID: 10925: Novell BorderManager PAT Connection Table Saturation DoS

Platforms Affected:

  • Novell BorderManager 3.5

Reported:

May 10, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page