Important Nortel Software and Hardware updates

Software Life Cycle Support Update for ERS 8600

Description:

This Bulletin seeks to articulate the latest life cycle management dates for the Ethernet Routing Switch 8600 which became effective with the release of v5.1 Software on 18 May 2009.

General Availability (GA) – Products that are classified as GA are ready for sale and support in all intended markets and applications.

The life cycle stages after GA are ‘End of New Sales’, ‘Manufacture Discontinued’, and eventually ‘End of Life’.

Type: Product Lifecycle
Release: 5.0.0, 5.1.0
Number: 2008008618, Rev 5
Status: Active
Date: 2009-09-25

Removal of ERS 8600 5.1.x Software Images from the Nortel Support Web Posting

Description:

In our continued effort to provide our Enterprise customers with a highly reliable Core network infrastructure, reducing any potential downtime which could negatively impact your business, the Enterprise Data team has established a practice of proactively removing code which could potentially cause network outages and replacing it with updated code. This is done even though the probability of such a circumstance happening is extremely low. By doing this, we ensure customers selecting to upgrade to a new software load will always be choosing the most reliable and advanced version for a given code stream. Please understand that this level of proactive code maintenance is not a reflection of poor quality for previously posted codes, but rather the assurance that when upgrading to a new code customers will always only have access to a software load which drives high reliability and business continuity. Based upon this, the Enterprise Data team has chosen to remove all previous versions of ERS 8600 Release 5.1.x (specifically 5.1.0.0 and 5.1.1.0) from the Nortel Support Web portal, and replaced this code with Software Release 5.1.1.1.

Type: Product Lifecycle
Release: 5.1.0, 5.1.1.0
Number: 2009009796, Rev 1
Status: Active
Date: 2009-10-13

Nortel Enterprise Response to Sock-Stress TCP DoS (Outpost24 TCP Issues)

Description:

The vulnerabilities described in this advisory can potentially affect systems and applications that run an implementation of the TCP protocol (RFC793 et al.). The issues were found by the Sockstress tool developed by Outpost24 and reported by CERT-FI. Sockstress is a user-land TCP socket stress testing framework that can open an arbitrary number of sockets.

The attacks use different variations in terms of payloads, window sizes and stalling TCP states. The attacks take advantage of the exposed resources the target makes available post TCP handshake, namely kernel and system resources such as counters, timers, and memory pools. The attacks do not require significant bandwidth.

General impact of the tool and attack scenarios is a denial of service (DoS). However, the impact varies by stack implementation. The overall impact on a given setup depends on the target application and the operating system running on the target. The impact on specific systems falls into three categories:

1) Temporary impact on the application
CVSS Vector and score: AV:N/AC:M/Au:N/C:N/I:N/A:P – 4.3
The application fails to accept connections from legitimate users when the attack is ongoing. This state is temporary and the application will become usable once the attack stops.

2) Permanent impact on the application
CVSS Vector and score: AV:N/AC:M/Au:N/C:N/I:N/A:P – 4.3
The application fails to accept connections from legitimate users once the attack has started and lasted for some period of time. This state is permanent in the sense that the application will not become responsive until it has been restarted.

3) Permanent impact on the system
CVSS Vector and score: AV:N/AC:M/Au:N/C:N/I:N/A:C – 7.1
The system (the OS kernel) stops performing its essential functions once the attack has been started and has lasted for some period of time. As a result, the system will be unusable. The system becomes usable once it has been rebooted.

The severity of the attacks ranges from a CVSS score of 4

Type: Security Advisories
Number: 2009009801, Rev 1
Status: Active
Date: 2009-10-15
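
A defensive heuristic for the post-handshake resource holding described in the advisory, as an added example that is not Nortel's, CERT-FI's or Outpost24's code: it groups a host's TCP sockets by peer and flags peers whose connections are mostly stalled. The sample input (laid out like `ss -tan` columns), the `WAITING_ON_PEER` set, the thresholds and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`; every address is
# from a documentation range and no line comes from a real host.
SAMPLE = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    0.0.0.0:80          0.0.0.0:*
ESTAB      0      0      192.0.2.10:80       198.51.100.7:40112
ESTAB      0      512    192.0.2.10:80       198.51.100.7:40113
ESTAB      0      0      192.0.2.10:80       198.51.100.20:51000
ESTAB      0      14480  192.0.2.10:80       203.0.113.9:50001
ESTAB      0      14480  192.0.2.10:80       203.0.113.9:50002
ESTAB      0      14480  192.0.2.10:80       203.0.113.9:50003
FIN-WAIT-1 0      1      192.0.2.10:80       203.0.113.9:50004
FIN-WAIT-1 0      1      192.0.2.10:80       203.0.113.9:50005
"""

# Assumption: states in which the local stack waits on the peer to make progress.
WAITING_ON_PEER = {"FIN-WAIT-1", "LAST-ACK"}

def parse(text):
    """Yield (state, send_q, peer_ip) for each non-listening socket line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[2].isdigit() or f[0] == "LISTEN":
            continue  # header, listener or malformed line
        yield f[0], int(f[2]), f[4].rsplit(":", 1)[0]

def is_stalled(state, send_q):
    """Heuristic: data is queued but not draining, or teardown is stuck."""
    return state in WAITING_ON_PEER or (state == "ESTAB" and send_q > 0)

def suspects(text, min_stalled=4, min_ratio=0.8):
    """Return {peer_ip: (stalled, total)} for peers holding mostly stalled sockets."""
    total, stalled = Counter(), Counter()
    for state, send_q, peer in parse(text):
        total[peer] += 1
        stalled[peer] += is_stalled(state, send_q)
    return {p: (stalled[p], total[p]) for p in total
            if stalled[p] >= min_stalled and stalled[p] / total[p] >= min_ratio}

if __name__ == "__main__":
    for peer, (bad, n) in suspects(SAMPLE).items():
        print(f"{peer}: {bad}/{n} sockets stalled")
```

A single snapshot cannot tell a slow client from a stalled one, so in practice the same peer should exceed the thresholds across several consecutive snapshots before it is rate-limited or blocked.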
