[24717] in bugtraq
Re: Alteon ACEdirector signature/security bug
daemon@ATHENA.MIT.EDU (Mike Rogers)
Mon Mar 18 15:25:13 2002
Message-Id: <5.1.0.14.2.20020318132219.04358660@zwwpy003.us.nortel.com>
Date: Mon, 18 Mar 2002 13:25:30 -0500
To: bugtraq@securityfocus.com
From: Mike Rogers <mprogers@nortelnetworks.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Software support info:
Also known as BugTraq Vulnerability ID 3964.
Incorrect handling of half closed connections leading
to leakage of real server addresses.
The software versions containing the fix for this
should be available on the NortelNetworks support
website this week:
8.3.24.5, 9.0.41.5, 10.0.25.1
Instructions for customers with support contracts:
Go to http://www.nortelnetworks.com/cs
Then specify or search for Alteon traffic control
software
You can also call 1-800-4-Nortel and use Express
Routing Code 343 to get to an Alteon support tech.
Customers without contracts, but wishing to
eliminate this vulnerability (rarely seen in real life so
far), should send email as follows:
mailto:alteon-support@nortelnetworks.com
Subject: Fix for BugTraq Vulnerability #3964
In the body of the message, please quote the switch
type(s) and current code version(s) in use.
Fix pending for next build of 8.0 and 8.1 (8.0.64.x,
8.1.35.x). No fix planned for older versions.
Mike
---------------------------------------------
Nortel Networks: Intelligent Edge / Alteon
Mike Rogers, Director, Customer Engineering
Phone: +1 603-661-9091 (HQ VM +1-408-360-5631)
---------------------------------------------
