Software support info: Also known as BugTraq Vulnerability ID 3964. Incorrect handling of half closed connections leading to leakage of real server addresses. The software versions containing the fix for this should be available on the NortelNetworks support website this week: 8.3.24.5, 9.0.41.5, 10.0.25.1 Instructions for customers with support contracts: Go to http://www.nortelnetworks.com/cs Then specify or search for Alteon traffic control software You can also call 1-800-4-Nortel and use Express Routing Code 343 to get to an Alteon support tech. Customers without contracts, but wishing to eliminate this vulnerability (rarely seen in real life so far), should send email as follows: mailto:alteon-support@nortelnetworks.com Subject: Fix for BugTraq Vulnerability #3964 In the body of the message, please quote the switch type(s) and current code version(s) in use. Fix pending for next build of 8.0 and 8.1 (8.0.64.x, 8.1.35.x). No fix planned for older versions. Mike --------------------------------------------- Nortel Networks: Intelligent Edge / Alteon Mike Rogers, Director, Customer Engineering Phone: +1 603-661-9091 (HQ VM +1-408-360-5631) ---------------------------------------------
