Re: Alteon ACEdirector signature/security bug

[Mike Rogers <mprogers () nortelnetworks com>]

In-Reply-To: <20020208150434.3358.qmail () mail securityfocus com>

Half close issue fixed in:

8.3.24.5, 9.0.41.5, 10.0.25.1, which should appear on 
the Nortel Support website shortly.

Fix pending for next build of 8.0 and 8.1 (8.0.63.5, 
8.1.34.5). No fix planned for older versions.

Description:

CR Q00229759 Prevent RIP leak when half bound 
session receives a FIN (half closed)from client. 
Accomplished by ignoring first FIN, and setting a flag. 
If binding fails, on retransmitted FIN, session will be 
fastaged.
(If binding succeeds, retransmitted FIN is sent to real 
server and handled correctly.)

There is a secondary problem which can occur when 
the server's FIN is not acknowledged in a timely 
manner by the client. This results in the session 
(translation information) being removed while the 
server is still retrying the FIN.
The workaround for this is to raise the fast aging time 
to allow for the retransmissions using 
the /cfg/slb/adv/fastage parameter (recommended 
value=2), but we plan on issuing a more 
comprehensive fix within a month.

---------------------------------------------
Nortel Networks: Intelligent Edge / Alteon
Mike Rogers, Director, Customer Engineering
Phone: +1 603-661-9091 (HQ VM +1-408-360-5631)
---------------------------------------------