-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

  Aruba Wireless Networks Security Advisory

Title: IPsec configurations may be vulnerable to information
disclosure
Aruba Advisory ID: AID-051005
Revision: 1.0
For Public Release on 05/10/2005 at 20:00 (GMT)
References: NISCC Vulnerability Advisory IPsec - 004033
            CERT Vulnerability Report: VU#302220
            CVE number: CAN-2005-0039


- -----------------------------------------------------------------------


SUMMARY


The NISCC (UK National Infrastructure Security Co-ordination Centre) has
made public an advisory that describes three attacks that apply to
certain configurations of IPsec.  IP Security (IPsec) is a set of
protocols developed by the Internet Engineering Task Force (IETF) to
support secure exchange of packets at the IP layer; IPsec has been
deployed widely, including wireless lan environments, to implement
Virtual Private Networks (VPNs).  These three attacks apply to certain
IPsec configurations that use Encapsulating Security Payload (ESP) in
tunnel mode with confidentiality only, or with integrity protection
being provided by a higher layer protocol. Some configurations using AH
to provide integrity protection are also vulnerable.

None of the Aruba Wireless Networks products are affected by any of the
three specified attacks.


PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: None of the Aruba Wireless Networks devices are affected
Software: None of the Aruba Wireless Networks software versions are
          affected


DETAILS

The IP Security (IPsec) protocol suite are IETF standards commonly used
to provide secure networking facilities at the IP level mostly for
creating Virtual Private Networks (VPNs).

Within the IPsec suite, the Encapsulating Security Payload (ESP)
protocol provides confidentiality for packets by applying encryption
algorithms to the packets, along with several other services.  The
Authentication Header (AH) protocol can be used to complement the ESP
functionality with integrity protection. Both the ESP and AH protocols
can be used in either "Transport" or "Tunneling" mode.  When Cipher
Block Chaining (CBC) encryption, which has a well-known set of flaws
allowing bit-flipping attacks, is used by ESP in tunneling mode to
provide confidentiality guarantees without proper integrity protection
for inner (tunneled) packets, attackers may be able to perform the
following attacks:

 - Destination Address Rewriting: The destination IP address of the
   inner, encrypted packet is modification in a bit-flipping attack.
   Intermediate gateways may then route the inner packet to the modified
   destination address once the inner packet is recovered.

 - IP Options modification: The header length and source address of the
   inner packet is modified by performing a bit-flipping attack on the
   outer payload. Once the modified inner packet is recovered, the
   structure of the packet may be affected in such a manner that an
   Internet Control Message Protocol (ICMP) Parameter Problem message is
   generated and sent to the source address of the inner packet along 
   with the plaintext payload. This may be intercepted, leading to a
   recovery of the original inner packet plaintext payload.

 - Protocol Field modification: In a similar manner to the IP Options
   modification attack, the protocol field and source address of the
   inner packet are modified in a bit-flipping attack against the outer
   packet payload. An invalid or unusable value in the protocol field
   may then cause a system which is processing a recovered inner packet
   to generate an ICMP Protocol Unreachable message. This ICMP message
   isi then sent back to the (modified) source address with the 
   plaintext payload of the inner packet, which may be intercepted in
   order to recover the plaintext.


These attacks involve an amount of probabilistic success, but any
successful attacks disclose information which makes future attacks more
efficient. This may allow for automated plaintext recovery with a
minimal amount of effort. The underlying problem is the use of CBC mode
encryption used for confidentiality, which is susceptible to known
attacks that allow the encrypted data to be modified in a known manner.
If integrity protection is not applied in a proper fashion to this
encrypted data, the change may be undetected and accepted as authentic
packet(s).

For further details, please visit NISCC's advisory at
http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en

IMPACT

Aruba switches are not affected by any of the three attacks described in
the NISCC vulnerability advisory since Aruba's implementation of IPsec
always requires integrity protection and also does not support AH in
transport mode.


WORKAROUNDS

There is no need for a specific workaround to be implemented.

SOLUTION

None of the Aruba Wireless Networks products are affected.

OBTAINING FIXED FIRMWARES

Aruba customers can obtain the firmware on the support website.
   
   Aruba Support contacts are as follows:

     1-800-WiFiLAN (1-800-943-4526) (toll free from within North
     America)
     +1-408-754-1200 (toll call from anywhere in the world)
     e-mail: support(at)arubanetworks.com
     web: http://www.arubanetworks.com/support

   Please, do not contact either "wsirt(at)arubanetworks.com" or 
"security(at)arubanetworks.com" for software upgrades.


EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at
http://www.arubanetworks.com/support/wsirt/alerts/aid-05102005.asc
http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
http://www.kb.cert.org/vuls/id/302220

STATUS OF THIS NOTICE: Final

Although Aruba Wireless networks cannot guarantee the accuracy of all
statements in this advisory, all of the facts have been checked to the
best of our ability. Aruba Wireless Networks does not anticipate issuing
updated versions of this advisory unless there is some material change
in the facts. Should there be a significant change in the facts, Aruba
Wireless Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain factual
errors.

DISTRIBUTION OF THIS ANNOUCEMENT

      This advisory will be posted on Aruba's website at
     
http://www.arubanetworks.com/support/wsirt/alerts/aid-05102005.asc

Future updates of this advisory, if any, will be placed on Aruba's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.

REVISION HISTORY


      Revision 1.0 /05-10-2005 / Initial release


ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba
Wireless Networks products, obtaining assistance with security incidents
is available at
      http://www.arubanetworks.com/support/wsirt.php
   
  
For reporting *NEW* Aruba Wireless Networks security issues, email can
be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com.
For sensitive information we encourage the use of PGP encryption. Our
public keys can be found at
http://www.arubanetworks.com/support/wsirt.php


      (c) Copyright 2005 by Aruba Wireless Networks, Inc.
This advisory may be redistributed freely after the release date given
at the top of the text, provided that redistributed copies are complete
and unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGeFmJp6KijA4qefURAthKAKDDIl6P/w40Gzj4SarCe2jt9vv2EwCeILvi
fzMaaS/jKInEBvIq332EAx4=
=fRNw
-----END PGP SIGNATURE-----