Bugtraq mailing list archives

Re: Alteon ACEdirector signature/security bug

From: Mike Rogers <mprogers () nortelnetworks com>
Date: Mon, 18 Mar 2002 13:25:30 -0500

Software support info:

Also known as BugTraq Vulnerability ID 3964.
Incorrect handling of half closed connections leading
to leakage of real server addresses.

The software versions containing the fix for this
should be available on the NortelNetworks support
website this week:

8.3.24.5, 9.0.41.5, 10.0.25.1

Instructions for customers with support contracts:

Go to http://www.nortelnetworks.com/cs

Then specify or search for Alteon traffic control
software

You can also call 1-800-4-Nortel and use Express
Routing Code 343 to get to an Alteon support tech.

Customers without contracts, but wishing to
eliminate this vulnerability (rarely seen in real life so
far), should send email as follows:

mailto:alteon-support () nortelnetworks com
Subject: Fix for BugTraq Vulnerability #3964

In the body of the message, please quote the switch
type(s) and current code version(s) in use.

Fix pending for next build of 8.0 and 8.1 (8.0.64.x,
8.1.35.x). No fix planned for older versions.

Mike
---------------------------------------------
Nortel Networks: Intelligent Edge / Alteon
Mike Rogers, Director, Customer Engineering
Phone: +1 603-661-9091 (HQ VM +1-408-360-5631)
---------------------------------------------

Current thread:

Re: Alteon ACEdirector signature/security bug Mike Rogers (Mar 12)
- <Possible follow-ups>
- Re: Alteon ACEdirector signature/security bug Mike Rogers (Mar 18)