[24192] in bugtraq
Re: Alteon ACEdirector signature/security bug
daemon@ATHENA.MIT.EDU (Mike Rogers)
Fri Feb 8 13:37:09 2002
Date: 8 Feb 2002 15:04:34 -0000
Message-ID: <20020208150434.3358.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Mike Rogers <mprogers@nortelnetworks.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20020125160940.A8217@doit.wisc.edu>
Second Attempt - perhaps new users are not allowed
to post?
Problem was raised to High priority as soon as the
original posting was received.
Handling of half closed connections in our delayed
binding modes (where the switch intercepts the
connection to the server to examine the request) has
been fixed, and a patch should be released for all
current software versions within 2 weeks.
Preventing occasional "leakage" of Real Server
addresses after a connection did not close cleanly, is
in process. This typically occurs when a client does
not acknowledge a server FIN, leaving the server
retransmitting after the switch has removed the
session entry (translation information).
Further details to follow shortly.
---------------------------------------------
Nortel Networks: Intelligent Edge / Alteon
Mike Rogers, Director, Customer Engineering
Phone: +1 603-661-9091 (HQ VM +1-408-360-5631)
eFax: +1-603-816-9196
---------------------------------------------
