Title: Netware 4.x Transaction Tracking System Vulnerability
Severity: MODERATE
Description:
A vulnerability in Netware's Transaction Tracking System (TTS) may allow attackers to crash multiple servers.
The Transaction Tracking System (TTS) is a service provided by Netware to help preserve the integrity of data during a system crash. If a transaction is in the process of being written to the disk when the system crash, upon reboot the partial transaction will be backed out thus preserving the integrity of the data.
TTS by default tracks 10,00 transactions. If a high enough burst of transactions are sent to the server and the available memory is exhausted, TTS will become disabled. While TTS is disabled, no updates can be made to the Netware Disctory Services. This impacts any programs that update NDS, such as login. In extreme cases of very large simultaneous transactions that server may crash. If other servers contain NDS replicaes they may crash as well.
If a normal user has the ability to create a container and add objects to it he can create a large enough number of NDS updates quickly to crash the server by creating a container, dropping a few hundred objects into the it via drag-and-drog and then deleting the container.
Affected Products:
- Novell Netware 4.1.0
- Novell Netware 4.11.0 SP5B
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
