Netware 6.5 SP8 Denial Of Service - BTCPCOM.NLM

2010-02-01

  • Novell NetWare 6.5

Summary

Many Netware installations include the BTRIEVE database software as standard which listens on port 3351.

Salford Software have discovered that a denial of service condition is possible by sending the correct type of data causing a page fault processor exception & subsequent reboot.

Solution

Novell bug ID is 571843 although Novell have indicated this is unlikely to be fixed as Netware is end of life

Workaround

The BTRIEVE software can be stopped/started with the

BSTOP
&
BSTART

commands.

Also the port 3351 can be firewalled.

References

Novell bug 571843
Salford 44344
THE INFORMATION IN THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS WITHOUT WARRANTY OF ANY KIND. PROVIDER SPECIFICALLY DISCLAIMS ANY OTHER WARRANTY, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL PROVIDER BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL OR INCIDENTAL DAMAGES, EVEN IF PROVIDER HAS BEEN ADVISED BY USER OF THE POSSIBILITY OF SUCH POTENTIAL LOSS OR DAMAGE. USER AGREES TO HOLD PROVIDER HARMLESS FROM AND AGAINST ANY AND ALL CLAIMS, LOSSES, LIABILITIES AND EXPENSES.