[24657] in bugtraq
Re: Alteon ACEdirector signature/security bug
daemon@ATHENA.MIT.EDU (Mike Rogers)
Tue Mar 12 23:58:29 2002
Date: 12 Mar 2002 22:26:23 -0000
Message-ID: <20020312222623.13605.qmail@mail.securityfocus.com>
From: Mike Rogers <mprogers@nortelnetworks.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20020208150434.3358.qmail@mail.securityfocus.com>
Half close issue fixed in: 8.3.24.5, 9.0.41.5, 10.0.25.1, which should appear on the Nortel Support website shortly.

Fix pending for next build of 8.0 and 8.1 (8.0.63.5, 8.1.34.5). No fix planned for older versions.

Description:
CR Q00229759 Prevent RIP leak when half bound session receives a FIN (half closed) from client. Accomplished by ignoring first FIN, and setting a flag. If binding fails, on retransmitted FIN, session will be fastaged. (If binding succeeds, retransmitted FIN is sent to real server and handled correctly.)

There is a secondary problem which can occur when the server's FIN is not acknowledged in a timely manner by the client. This results in the session (translation information) being removed while the server is still retrying the FIN.

The workaround for this is to raise the fast aging time to allow for the retransmissions using the /cfg/slb/adv/fastage parameter (recommended value=2), but we plan on issuing a more comprehensive fix within a month.
---------------------------------------------
Nortel Networks: Intelligent Edge / Alteon
Mike Rogers, Director, Customer Engineering
Phone: +1 603-661-9091 (HQ VM +1-408-360-5631)
---------------------------------------------
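
The FIN handling described in the message, modelled as a small state machine. This is an added example, not Nortel's code and not part of the original post. The type names, event names and action strings are hypothetical, and the handling of a retransmitted FIN while binding is still pending is an assumption, since the message does not cover that case.

```python
from dataclasses import dataclass, field
from enum import Enum

class Bind(Enum):
    PENDING = "pending"  # "half bound": no real server bound yet
    BOUND = "bound"
    FAILED = "failed"

@dataclass
class Session:
    bind: Bind = Bind.PENDING
    fin_flag: bool = False   # set when the first FIN is ignored
    fast_aged: bool = False
    actions: list = field(default_factory=list)

def client_fin(s: Session) -> str:
    """Decide what to do with a client FIN, following the message's description."""
    if s.bind is Bind.BOUND:
        action = "forward_to_real_server"
    elif not s.fin_flag:
        s.fin_flag = True
        action = "ignore_and_set_flag"
    elif s.bind is Bind.FAILED:
        s.fast_aged = True
        action = "fastage_session"
    else:
        # Assumption: the message does not say what happens to a retransmitted
        # FIN while binding is still pending; this model keeps ignoring it.
        action = "ignore_binding_pending"
    s.actions.append(action)
    return action

def replay(events):
    """Replay constructed events: 'fin', 'bind_ok' or 'bind_fail'."""
    binds = {"bind_ok": Bind.BOUND, "bind_fail": Bind.FAILED}
    s = Session()
    for ev in events:
        if ev == "fin":
            client_fin(s)
        else:
            s.bind = binds[ev]  # KeyError on an unknown event
    return s

if __name__ == "__main__":
    # Constructed traces: binding fails, then binding succeeds.
    for trace in (["fin", "bind_fail", "fin"], ["fin", "bind_ok", "fin"]):
        s = replay(trace)
        print(trace, "->", s.actions, "fast_aged =", s.fast_aged)
```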