Bugtraq mailing list archives
Foundry Networks ServerIron sequence predictability fix soon to be available
From: a.vanderstock () E-SECURE COM AU (Andrew van der Stock)
Date: Thu, 2 Mar 2000 15:35:06 +1100
Foundry have responded to the advisory quickly, and will be releasing patched firmware soon (as in the next few hours, and probably by the time you read this - I already have it). Stable firmware will be available via the Foundry support web site in less than two weeks. See http://www.foundrynet.com/bugTraq.html for the latest news on this issue. This page also points out some reasonable steps you can take to reduce the risk of remote management whilst using your Foundry devices. For those Foundry owners who are interested, native ssh access to the Foundry switches is apparently available as an add-on product. As many of you know, ssh reduces the risk of remote management by not using clear text for important secrets such as passwords and configuration details. I recommend all Foundry owners to contact their vendor or use their support details to obtain this important add-on. I wish to thank Chandra Kopparapu, Foundry's Product Marketing Manager for layer 4-7 switches for his prompt response to this issue. Andrew van der Stock, Security Architect e-Secure Pty Ltd "Secure in a Networked World" Phone: 02 9438 4984 Fax: 02 9438 4986 Suite 201, 2-4 Pacific Hwy, Mobile: 0412 532 963 St. Leonards NSW 2065 Australia http://www.e-Secure.com.au/ ACN 086 248 419 e-mail:A.vanderStock () e-Secure com au
Current thread:
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Brett Lymn (Feb 29)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Joe Shaw (Mar 01)
- <Possible follow-ups>
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow H D Moore (Feb 29)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Derek Callaway (Mar 01)
- Foundry Networks ServerIron sequence predictability fix soon to be available Andrew van der Stock (Mar 01)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Przemyslaw Frasunek (Mar 01)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Ronald Huizer (Mar 04)
- OpenLinux 2.3: rpm_query harikiri (Mar 04)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Eugene Teo (Mar 02)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Derek Callaway (Mar 02)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Przemyslaw Frasunek (Mar 03)
- Potential security problem with mtr Viktor Fougstedt (Mar 03)
- Re: Potential security problem with mtr LaMont Jones (Mar 03)
- Re: Potential security problem with mtr Viktor Fougstedt (Mar 03)
- [RHSA-2000:006-01] New nmh packages available bugzilla () REDHAT COM (Mar 06)
- Re: [ Hackerslab bug_paper ] Linux dump buffer overflow Derek Callaway (Mar 02)