-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----------------------------------------------------------------------
Aruba Wireless Networks Security Advisory

Title: Aruba switches are vulnerable to a PPTP exploit. ACLs are by default
enabled to allow PPTP to the Aruba switch

Aruba Advisory ID: AID-02102005
Revision: 1.0
For Public Release on 02/10/2005 at 20:00 (GMT)
References: Aruba bug id 00006264
- -----------------------------------------------------------------------

SUMMARY

Aruba switches are vulnerable to a buffer overflow in the PPTP process. The
switch is exposed even when it is not configured to use PPTP VPNs, because
the default session ACL permits PPTP traffic to the switch.

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: All Aruba Wireless Networks platforms are affected
Software: Aruba OS versions prior to 2.2.4.4 are affected

DETAILS

Certain tools can cause a buffer overflow in the PPTP process of the Aruba
switches.

IMPACT

General instability of the switch may result.

WORKAROUNDS

For customers that do not use PPTP VPNs, the workaround is to remove the
PPTP service from the vpnlogon session ACL:

    configure terminal
    ip access-list session vpnlogon
    no any any svc-pptp permit

For customers using PPTP, there is no workaround available.

SOLUTION

Upgrade the switch to version 2.2.4.4 or higher.

OBTAINING FIXED FIRMWARES

Aruba customers can obtain the firmware on the support website. Aruba Support
contacts are as follows:

    1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
    +1-408-754-1200 (toll call from anywhere in the world)
    e-mail: support(at)arubanetworks.com
    web:    http://www.arubanetworks.com/support

Please do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.
EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at
http://www.arubanetworks.com/support/wsirt/alerts/aid-02102005.asc

STATUS OF THIS NOTICE: Final

Although Aruba Wireless Networks cannot guarantee the accuracy of all
statements in this advisory, all of the facts have been checked to the best
of our ability. Aruba Wireless Networks does not anticipate issuing updated
versions of this advisory unless there is some material change in the facts.
Should there be a significant change in the facts, Aruba Wireless Networks
may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that
omits the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at
http://www.arubanetworks.com/support/wsirt/alerts/aid-02102005.asc

Future updates of this advisory, if any, will be placed on Aruba's worldwide
website, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
above URL for any updates.

REVISION HISTORY

Revision 1.0 / 02-10-2005 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Wireless
Networks products and obtaining assistance with security incidents is
available at http://www.arubanetworks.com/support/wsirt.php

For reporting *NEW* Aruba Wireless Networks security issues, email can be
sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For
sensitive information we encourage the use of PGP encryption. Our public keys
can be found at http://www.arubanetworks.com/support/wsirt.php

(c) Copyright 2005 by Aruba Wireless Networks, Inc.
This advisory may be redistributed freely after the release date given at the
top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGeFlvp6KijA4qefURAqPpAKCHdda+uT4R+X6kHwteBS2H9SzpzQCghPdA
PBGBLg6AM8xSbN+UyediSX4=
=kwat
-----END PGP SIGNATURE-----
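The two checks an operator would run against this advisory, as an added example that is not code from Aruba or from the advisory itself: is the build older than 2.2.4.4, and does the vpnlogon session ACL still carry an active "any any svc-pptp permit" rule? The `show version` and ACL text below is constructed sample input for the example; the exact ArubaOS output format, and the other service aliases in the sample ACL, are assumptions. The version comparison is numeric per component, so a build such as 2.2.10 is correctly ranked above 2.2.4.4 rather than below it as a string compare would do.

```python
# Added example, not part of the Aruba advisory or of ArubaOS itself.
# Decides, from pasted switch output, whether a switch is exposed to
# AID-02102005: build older than 2.2.4.4 AND an active svc-pptp permit
# rule in the vpnlogon session ACL.  The sample text further down is
# constructed; the real ArubaOS output format is an assumption here.
import re

FIXED = (2, 2, 4, 4)  # first fixed ArubaOS release named in the advisory


def parse_version(show_version_text):
    """Return the first dotted version in `show version` output as a
    4-tuple of ints, padding short versions ("2.2.4" -> (2, 2, 4, 0))."""
    m = re.search(r"\b(\d+(?:\.\d+){1,3})\b", show_version_text)
    if not m:
        raise ValueError("no version string found")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def version_is_affected(version):
    """Versions prior to 2.2.4.4 are affected.  Tuple comparison is
    component-wise numeric, so 2.2.10.0 is NOT below 2.2.4.4."""
    return tuple(version) < FIXED


def pptp_rule_active(acl_text):
    """True while a non-negated rule in the pasted ACL text permits
    svc-pptp.  Lines beginning with "no " (the workaround command as it
    appears in a command history) are not active rules."""
    for line in acl_text.splitlines():
        line = line.strip()
        if not line or line.startswith("no "):
            continue
        if re.search(r"\bsvc-pptp\b", line) and re.search(r"\bpermit\b", line):
            return True
    return False


def assess(show_version_text, acl_text):
    """'fixed'     : build is 2.2.4.4 or later
       'mitigated' : affected build, but the svc-pptp rule is gone
       'exposed'   : affected build and svc-pptp still permitted"""
    if not version_is_affected(parse_version(show_version_text)):
        return "fixed"
    return "exposed" if pptp_rule_active(acl_text) else "mitigated"


# Constructed sample input (assumed format, not real switch output).
SAMPLE_VERSION = "Aruba Operating System Software.\nArubaOS Version 2.2.4.3\n"
SAMPLE_ACL_DEFAULT = """ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-pptp permit
  any any svc-gre permit
"""
SAMPLE_ACL_WORKAROUND = """ip access-list session vpnlogon
  user any svc-ike permit
  user any svc-esp permit
  any any svc-gre permit
"""

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_ACL_DEFAULT))     # exposed
    print(assess(SAMPLE_VERSION, SAMPLE_ACL_WORKAROUND))  # mitigated
```

Note that "mitigated" only means the default vpnlogon ACL no longer admits PPTP to the switch; the vulnerable PPTP process is still present on an affected build, and any other session ACL that permits svc-pptp would re-expose it, so the upgrade to 2.2.4.4 remains the fix.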