-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hash: SHA1

Aruba Wireless Networks Security Advisory

Title: Aruba Mobility Controller Management Interface Buffer Overflow
Aruba Advisory ID: AID-021307b
Revision: 1.0
For Public Release on 02/13/2007

References:
US-CERT Advisory VU#319913


+---------------------------------------------------------------------



SUMMARY

A buffer overflow vulnerability was discovered during an external
security audit of the Aruba Mobility Controller.  This vulnerability
affects customers using all versions of the Aruba Controller beginning
with version 2.4. Certain malformed inputs to the management interfaces
(web UI or CLI) will cause the system to crash.

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: 	Aruba Networks Mobility Controllers (200, 800, 2400, and
		6000) running software versions 2.0 and later. 

		Alcatel-Lucent OmniAccess Wireless 43xx and 6000 running
		software versions 2.0 and later.
	

DETAILS

Aruba Mobility Controllers may present a web-based or command-line
management interface. Providing malformed input at the login prompt may
result in a system crash, precipitating a denial of service. As with any
buffer overflow, there is some possibility that certain specially
crafted inputs could allow arbitrary code code execution, although this
behavior has not been observed. If remote management is permitted, this
vulnerability may be triggered remotely.

IMPACT

The management interface of the Mobility Controller may be rendered
unavailable. If arbitrary code execution is indeed possible, this could
potentially result in system compromise.

WORKAROUNDS

See Solution below.

SOLUTION

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practicable. However, in the event that the patch
cannot be immediately applied, the following steps will help to mitigate
the risk:

 - do not allow unrestricted access to the management interfaces of the
   system (i.e. the CLI and/or the web UI). If these interfaces are
   accessible via the network, disable that access until you are able to
   apply the patch

 - ensure physical security for the management interfaces of the system;
   do not allow CLI access via telnet or ssh, and restrict access to the
   system console.

 - disable captive portal access

OBTAINING FIXED FIRMWARES

Aruba customers can obtain the firmware on the support website:
http://www.arubanetworks.com/support. 
   
   Aruba Support contacts are as follows:

     1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
     +1-408-754-1200 (toll call from anywhere in the world)
     e-mail: support(at)arubanetworks.com

   Please, do not contact either "wsirt(at)arubanetworks.com" or
   "security(at)arubanetworks.com" for software upgrades.


EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at 

Aruba W.S.I.R.T. Advisory:
http://www.arubanetworks.com/support/wsirt/alerts/aid-021307b.asc

US-CERT Advisory:
http://www.kb.cert.org/vuls/id/319913

Security Focus Bugtraq:
http://www.securityfocus.com/archive/1/459928/30/0/threaded

CREDIT

Aruba Networks thanks Maxim Salomon and Jan Meunther of n.runs AG for
reporting this issue to the Aruba WSIRT team.

STATUS OF THIS NOTICE: Final

Although Aruba Wireless networks cannot guarantee the accuracy of all
statements in this advisory, all of the facts have been checked to the
best of our ability. Aruba Wireless Networks does not anticipate issuing
updated versions of this advisory unless there is some material change
in the facts. Should there be a significant change in the facts,
Aruba Wireless Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain factual
errors.

DISTRIBUTION OF THIS ANNOUCEMENT

      This advisory will be posted on Aruba's website at
     
http://www.arubanetworks.com/support/wsirt/alerts/aid-021307b.asc

Future updates of this advisory, if any, will be placed on Aruba's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.

REVISION HISTORY

      Revision 1.0 /02-13-2007 / Initial release
      Revision 1.1 / 08-02-2007 / Added credit section

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba 
Wireless Networks products, obtaining assistance with security incidents
is available at
      http://www.arubanetworks.com/support/wsirt.php
   
  
For reporting *NEW* Aruba Wireless Networks security issues, email can
be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com.
For sensitive information we encourage the use of PGP encryption. Our
public keys can be found at 
	http://www.arubanetworks.com/support/wsirt.php


      (c) Copyright 2007 by Aruba Wireless Networks, Inc.
This advisory may be redistributed freely after the release date given
at the top of the text, provided that redistributed copies are complete
and unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsqFJp6KijA4qefURAq6FAJ9Ezoz1hkv3M9RY/6TubK+nDL1mZACfc68A
h2Mt8cdk0D0mczn5YbQOZBs=
=k52C
-----END PGP SIGNATURE-----