Netware 4.x Transaction Tracking System Vulnerability
A vulnerability in Netware's Transaction Tracking System (TTS) may allow attackers to crash multiple servers.
The Transaction Tracking System (TTS) is a service provided by Netware to help preserve the integrity of data during a system crash. If a transaction is in the process of being written to the disk when the system crash, upon reboot the partial transaction will be backed out thus preserving the integrity of the data.
TTS by default tracks 10,00 transactions. If a high enough burst of transactions are sent to the server and the available memory is exhausted, TTS will become disabled. While TTS is disabled, no updates can be made to the Netware Disctory Services. This impacts any programs that update NDS, such as login. In extreme cases of very large simultaneous transactions that server may crash. If other servers contain NDS replicaes they may crash as well.
If a normal user has the ability to create a container and add objects to it he can create a large enough number of NDS updates quickly to crash the server by creating a container, dropping a few hundred objects into the it via drag-and-drog and then deleting the container.