-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aruba Wireless Networks Security Advisory

Title: SSH tunneling allowed through Aruba devices
Aruba Advisory ID: AID-06142005
Revision: 1.0

For Public Release on 06/14/2005 at 5:00 (GMT)

References:

- -----------------------------------------------------------------------

SUMMARY

SSH tunneling (port forwarding) through the Aruba devices is allowed.

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: All of the Aruba Wireless Networks devices are affected
Software: Aruba Wireless Networks software versions 2.2.0.0 through
          2.4.0.0 are affected

DETAILS

Secure shell or SSH is both a program and a network protocol for logging
into and executing commands on a remote device. It is intended to provide
secure encrypted communications between two hosts over a network. However,
the SSH protocol also contains a feature that permits the creation of local
and remote tunnels, from host1 to host2, through a third host.

The problem affecting the Aruba devices is that a management user may
establish SSH remote tunnels through the switch.

IMPACT

A user could pass any type of traffic through the switch to a remote
device, via the SSH tunnels created.

WORKAROUNDS

None

SOLUTION

Firmware versions 2.2.5.3 build 10513, 2.3.4.12 build 10533 and
2.4.0.4 build 10563 and later contain fixes for this issue.

OBTAINING FIXED FIRMWARE

Aruba customers can obtain the firmware on the support website.

Aruba Support contacts are as follows:

    1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
    +1-408-754-1200 (toll call from anywhere in the world)
    e-mail: support(at)arubanetworks.com
    web: http://www.arubanetworks.com/support

Please do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.

EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at
http://www.arubanetworks.com/support/wsirt/alerts/aid-06142005.asc

STATUS OF THIS NOTICE: Final

Although Aruba Wireless Networks cannot guarantee the accuracy of all
statements in this advisory, all of the facts have been checked to the
best of our ability. Aruba Wireless Networks does not anticipate issuing
updated versions of this advisory unless there is some material change in
the facts. Should there be a significant change in the facts, Aruba
Wireless Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain factual
errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at
http://www.arubanetworks.com/support/wsirt/alerts/aid-06142005.asc

Future updates of this advisory, if any, will be placed on Aruba's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged to
check the above URL for any updates.

REVISION HISTORY

Revision 1.0 / 06-14-2005 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba
Wireless Networks products, and obtaining assistance with security
incidents, is available at
http://www.arubanetworks.com/support/wsirt.php

For reporting *NEW* Aruba Wireless Networks security issues, email can be
sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For
sensitive information we encourage the use of PGP encryption. Our public
keys can be found at
http://www.arubanetworks.com/support/wsirt.php

(c) Copyright 2005 by Aruba Wireless Networks, Inc.

This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGeFmgp6KijA4qefURAsmNAJ92yQd/CBvMPbrDPOQXa6qnC76zpACgyAGr
gwzA/V6KIAQoCIuYtomc9R8=
=kw59
-----END PGP SIGNATURE-----
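
The fixed releases listed under SOLUTION, applied as a fleet check. This is an added example, not part of Aruba's advisory: the inventory format, host names and the sample build numbers other than 10513 are constructed. It assumes that any release in the 2.2, 2.3 or 2.4 branch older than that branch's fixed release is affected, and that branches after 2.4 count as "later".

```python
# Fixed releases from the advisory's SOLUTION section: branch -> (version, build).
FIXED = {
    (2, 2): ((2, 2, 5, 3), 10513),
    (2, 3): ((2, 3, 4, 12), 10533),
    (2, 4): ((2, 4, 0, 4), 10563),
}
FIRST_AFFECTED = (2, 2, 0, 0)  # lower bound of the advisory's affected range


def classify(version, build=None):
    """Return 'fixed', 'affected', 'verify-build' or 'not-listed' for AID-06142005."""
    v = tuple(int(part) for part in version.split("."))
    if len(v) != 4:
        raise ValueError("expected a four-part version, got %r" % version)
    if v < FIRST_AFFECTED:
        return "not-listed"          # older than anything the advisory covers
    if v[:2] not in FIXED:
        return "fixed"               # assumption: branches after 2.4 are "later"
    fixed_version, fixed_build = FIXED[v[:2]]
    if v > fixed_version:
        return "fixed"
    if v < fixed_version:
        return "affected"            # assumption: conservative within a branch
    # Same version string as the fixed release: the build number decides.
    if build is None:
        return "verify-build"
    return "fixed" if build >= fixed_build else "affected"


def audit(inventory):
    """Classify each 'host version [build]' line of a whitespace-separated inventory."""
    results = {}
    for line in inventory.strip().splitlines():
        host, version, *rest = line.split()
        results[host] = classify(version, int(rest[0]) if rest else None)
    return results


# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = """
sw-lab-1 2.2.5.3 10513
sw-lab-2 2.3.4.11 10500
sw-lab-3 2.4.0.4
sw-lab-4 2.4.0.0 10400
sw-lab-5 2.1.3.0 9000
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```
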