-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aruba Wireless Networks Security Advisory

Title: VPN ISAKMP Message Processing Denial of Service
Aruba Advisory ID: AID-111405
Revision: 1.0

For Public Release on 11/14/2005 at 5:00 (GMT)

References: NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
            CERT-FI: 7710

+---------------------------------------------------------------------

SUMMARY

CERT-FI today released vulnerabilities in the IKE negotiation that were found with the tool developed by the Oulu University Secure Programming Group (OUSPG).

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: None of the Aruba Wireless Networks devices are affected
Software: None of the Aruba Wireless Networks software versions are affected

DETAILS

The PROTOS ISAKMP test suite is a tool created by the OUSPG to test the implementation of IKEv1 Phase 1 in different vendors' products.

The ISAKMP protocol is an international standard protocol, published by the IETF, designed to establish, negotiate, modify and delete Security Associations (SA). SAs contain all the information required for execution of various network security services. ISAKMP provides a consistent framework for transferring key and authentication data which is independent of the key generation technique, encryption algorithm and authentication mechanism.

IKEv1, a derivative of ISAKMP, is a key protocol in the Internet Security Architecture (IPsec). IKEv1 is the most widely used version of the Internet Key Exchange protocol.

Multiple ISAKMP implementations from other vendors behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid and/or abnormal contents. Applying the OUSPG PROTOS ISAKMP Test Suite can reveal several vulnerabilities with varying effects. None of these vulnerabilities were revealed in any of the Aruba products.

IMPACT

None

WORKAROUNDS

There is no need for a specific workaround to be implemented.

SOLUTION

None of the Aruba Wireless Networks products are affected.

OBTAINING FIXED FIRMWARES

Aruba customers can obtain the firmware on the support website.

Aruba Support contacts are as follows:

    1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
    +1-408-754-1200 (toll call from anywhere in the world)
    e-mail: support(at)arubanetworks.com
    web: http://www.arubanetworks.com/support

Please do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades.

EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at
http://www.arubanetworks.com/support/wsirt/alerts/aid-111405.asc

STATUS OF THIS NOTICE: Final

Although Aruba Wireless Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Wireless Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Wireless Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at
http://www.arubanetworks.com/support/wsirt/alerts/aid-111405.asc

Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

REVISION HISTORY

Revision 1.0 / 01-14-2005 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Wireless Networks products and obtaining assistance with security incidents is available at
http://www.arubanetworks.com/support/wsirt.php

For reporting *NEW* Aruba Wireless Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at
http://www.arubanetworks.com/support/wsirt.php

(c) Copyright 2005 by Aruba Wireless Networks, Inc.

This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGeFm2p6KijA4qefURAsDfAKD6qHB3HWUUoDWTaVnPkGWtsmo4SQCgvc+/
Ca0izxXuREmSlsjzMyutcY8=
=d3Jt
-----END PGP SIGNATURE-----