Re: Alteon ACEdirector signature/security bug
From: Mike Rogers (mprogers@nortelnetworks.com)Date: 02/08/02
- Previous message: Tamer Sahin: "Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 8 Feb 2002 15:04:34 -0000 From: Mike Rogers <mprogers@nortelnetworks.com> To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
In-Reply-To: <20020125160940.A8217@doit.wisc.edu>
Second Attempt - perhaps new users are not allowed
to post?
Problem was raised to High priority as soon as the
original posting was received.
Handling of half closed connections in our delayed
binding modes (where the switch intercepts the
connection to the server to examine the request) has
been fixed, and a patch should be released for all
current software versions within 2 weeks.
Preventing occasional "leakage" of Real Server
addresses after a connection did not close cleanly, is
in process. This typically occurs when a client does
not acknowledge a server FIN, leaving the server
retransmitting after the switch has removed the
session entry (translation information).
Further details to follow shortly.
---------------------------------------------
Nortel Networks: Intelligent Edge / Alteon
Mike Rogers, Director, Customer Engineering
Phone: +1 603-661-9091 (HQ VM +1-408-360-5631)
eFax: +1-603-816-9196
---------------------------------------------
- Previous message: Tamer Sahin: "Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
