-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----------------------------------------------------------------------------
Aruba Wireless Networks Security Advisory

Title: ISC DHCP contains C includes that define "vsnprintf" to "vsprintf"
       creating potential buffer overflow conditions
Aruba Advisory ID: AID-06152004
Revision: 1.0
For Public Release on 06/22/2004 at 19:00 (GMT)
References: CAN-2004-0461 / CERT Vulnerability Note VU#654390
- ----------------------------------------------------------------------------

SUMMARY

It was disclosed by ISC, via CERT, that ISC DHCP contains C includes that
define "vsnprintf" to "vsprintf", creating potential buffer overflow
conditions.

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: No Aruba Wireless Networks platforms are affected
Software: No available Aruba OS versions are affected

DETAILS

This issue could cause a stack overflow and eventual crash of the machine
running ISC's DHCPd. Although it is not clear whether that overflow could be
used to execute arbitrary code, this should not cause a problem on Aruba
Wireless Networks products, since they are not affected by the packets
described in the CERT notification.

IMPACT

None.

WORKAROUNDS

There is no need for a workaround to be implemented.

SOLUTION

Aruba products were tested against this possible attack and are not
vulnerable to it.

OBTAINING FIXED FIRMWARES

There is no special firmware needed to address the issue described above.

Aruba Support contacts are as follows:

  1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
  +1-408-754-1200 (toll call from anywhere in the world)
  e-mail: support(at)arubanetworks.com
  web:    http://www.arubanetworks.com/support

Please do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.
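The DETAILS section above describes a C portability header that maps the bounded vsnprintf onto the unbounded vsprintf, so a caller that passes a buffer size is in fact writing without a bound. The following C program is an added illustration of that defect class and of the check a bounded formatter should make; it is not code from this advisory or from ISC DHCP, and the function names (format_bounded, demo_overlong_*, demo_fits) and the sample inputs are constructed for the example. The unsafe macro is shown only as a comment; the compiled code uses the real vsnprintf, reports truncation from its return value, and surrounds the target buffer with guard bytes so that the absence of any out-of-bounds write can be verified.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration; not code from the advisory or from ISC DHCP.
 *
 * The defect class described under DETAILS: a portability header that maps
 * the bounded vsnprintf onto the unbounded vsprintf throws the size argument
 * away, so every caller that supplied a buffer size is actually unbounded.
 * Shown as a comment only; it is deliberately not compiled here.
 *
 *     #define vsnprintf(buf, size, fmt, ap)  vsprintf((buf), (fmt), (ap))
 */

/* Bounded formatter (hypothetical name). Writes at most dst_size-1
 * characters into dst, always NUL-terminates, and reports what happened:
 *   0  output fit,  1  output was truncated,  -1  formatting error. */
int format_bounded(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (dst_size == 0)
        return 1;

    va_start(ap, fmt);
    needed = vsnprintf(dst, dst_size, fmt, ap);   /* the real, bounded call */
    va_end(ap);

    if (needed < 0) {
        dst[0] = '\0';
        return -1;
    }
    /* vsnprintf returns the length the full output would have had, so a
     * value >= dst_size means it was cut short (and still NUL-terminated). */
    return (size_t)needed >= dst_size ? 1 : 0;
}

/* A 16-byte buffer fenced by guard bytes on both sides, so the result can
 * prove that nothing was written outside the buffer. */
struct guarded {
    unsigned char before[8];
    char buf[16];
    unsigned char after[8];
};

struct demo_result {
    int rc;         /* format_bounded return value */
    int guards_ok;  /* 1 if both guard regions are untouched */
    size_t len;     /* resulting string length inside buf */
};

/* Formats a constructed over-long client name into the guarded buffer. */
static struct demo_result run_overlong(void)
{
    struct guarded g;
    unsigned char pattern[8];
    struct demo_result r;

    memset(pattern, 0xAA, sizeof pattern);
    memset(&g, 0xAA, sizeof g);

    /* constructed input: 28 characters of output for a 16-byte buffer */
    r.rc = format_bounded(g.buf, sizeof g.buf, "host=%s",
                          "a-very-long-client-name");
    r.guards_ok = memcmp(g.before, pattern, sizeof pattern) == 0 &&
                  memcmp(g.after, pattern, sizeof pattern) == 0;
    r.len = strlen(g.buf);
    return r;
}

int demo_overlong_rc(void)        { return run_overlong().rc; }        /* 1  */
int demo_overlong_guards_ok(void) { return run_overlong().guards_ok; } /* 1  */
size_t demo_overlong_len(void)    { return run_overlong().len; }       /* 15 */

/* Same wrapper with input that fits: no truncation reported. */
int demo_fits(void)
{
    char buf[16];
    return format_bounded(buf, sizeof buf, "host=%s", "dhcp1");  /* 0 */
}

int main(void)
{
    struct demo_result r = run_overlong();
    printf("overlong: rc=%d guards_ok=%d len=%zu\n", r.rc, r.guards_ok, r.len);
    printf("fits:     rc=%d\n", demo_fits());
    return 0;
}
```

With the real vsnprintf the over-long input is cut to 15 characters, the call reports truncation, and both guard regions remain intact; had the macro shown in the comment been in effect, the same call would have written 28 characters plus the terminator into a 16-byte buffer, which is the stack overflow the advisory refers to. Checking the return value, as format_bounded does, is what turns silent truncation into a condition the caller can log or reject.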
EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at http://www.kb.cert.org/vuls

STATUS OF THIS NOTICE: Final

Although Aruba Wireless Networks cannot guarantee the accuracy of all
statements in this advisory, all of the facts have been checked to the best
of our ability. Aruba Wireless Networks does not anticipate issuing updated
versions of this advisory unless there is some material change in the facts.
Should there be a significant change in the facts, Aruba Wireless Networks
may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that
omits the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at
http://www.arubanetworks.com/support/wsirt/alerts/AID-06152004.asc

In addition to worldwide web posting, a text version of this notice is
clear-signed with the Aruba WSIRT PGP key having the fingerprint
AB90 36CE 259C 7BA1 4FAF 62F8 3EF2 6968 39C3 A3C0 and is posted to the
following e-mail recipients.

  * cert@cert.org

Future updates of this advisory, if any, will be placed on Aruba's worldwide
website, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
above URL for any updates.

REVISION HISTORY

Revision 1.0 / 06-14-2004 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Wireless
Networks products and obtaining assistance with security incidents is
available at http://www.arubanetworks.com/support/wsirt.php

For reporting *NEW* Aruba Wireless Networks security issues, email can be
sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For
sensitive information we encourage the use of PGP encryption.
Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php

(c) Copyright 2004 by Aruba Wireless Networks, Inc.

This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)

iD8DBQFA0JHEPvJpaDnDo8ARAssBAKCDH6d3XCrj4JzECPnZRzE37uWJ4gCfVqkk
yH33KvSXxMYuW2zwUxZ8Kq4=
=KT2h
-----END PGP SIGNATURE-----