Bugtraq mailing list archives
Re: Alteon ACEdirector signature/security bug
From: Mike Rogers <mprogers () nortelnetworks com>
Date: Mon, 18 Mar 2002 13:25:30 -0500
Software support info: Also known as BugTraq Vulnerability ID 3964. Incorrect handling of half closed connections leading to leakage of real server addresses. The software versions containing the fix for this should be available on the NortelNetworks support website this week: 8.3.24.5, 9.0.41.5, 10.0.25.1 Instructions for customers with support contracts: Go to http://www.nortelnetworks.com/cs Then specify or search for Alteon traffic control software You can also call 1-800-4-Nortel and use Express Routing Code 343 to get to an Alteon support tech. Customers without contracts, but wishing to eliminate this vulnerability (rarely seen in real life so far), should send email as follows: mailto:alteon-support () nortelnetworks com Subject: Fix for BugTraq Vulnerability #3964 In the body of the message, please quote the switch type(s) and current code version(s) in use. Fix pending for next build of 8.0 and 8.1 (8.0.64.x, 8.1.35.x). No fix planned for older versions. Mike --------------------------------------------- Nortel Networks: Intelligent Edge / Alteon Mike Rogers, Director, Customer Engineering Phone: +1 603-661-9091 (HQ VM +1-408-360-5631) ---------------------------------------------
Current thread:
- Re: Alteon ACEdirector signature/security bug Mike Rogers (Mar 12)
- <Possible follow-ups>
- Re: Alteon ACEdirector signature/security bug Mike Rogers (Mar 18)