Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2016-011
CVE: CVE-2016-5195
Publication Date: 2016-Nov-04
Status: Confirmed, Fixed
Revision: 1

Title
=====

"Dirty Cow" Linux Kernel Vulnerability (CVE-2016-5195)

Overview
========

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Multiple Aruba products are built on top of Linux.

Affected Products
=================

-- AirWave (all versions up to, but not including, 8.2.3)

Unaffected Products
===================

The following products may contain the kernel vulnerability, but because they do not permit unprivileged local Linux accounts, they are not directly vulnerable.

-- ClearPass Policy Manager
-- ArubaOS (controllers and switches)
-- Aruba Instant
-- Aruba Central
-- ALE

Aruba intends to patch these products, as appropriate, through regularly scheduled maintenance releases. This will be done as part of "defense in depth" best security practices.

Details
=======

The AirWave Management Platform operates as an application on top of a standard CentOS Linux system. Administrators are given access to the Linux shell as the "root" user, and may create additional Linux shell accounts if needed. If no unprivileged users have been given local Linux accounts on an AirWave system, then this vulnerability cannot be exploited. Aruba recommends patching the vulnerability regardless, as part of a "defense in depth" approach.

Resolution
==========

This issue will be resolved in AirWave version 8.2.3, which is scheduled for release in November 2016. This issue may also be manually patched through the CentOS operating system.
Red Hat and the CentOS Project have issued a kernel patch to address CVE-2016-5195. To apply the fix, log in to the AirWave server as the "root" user over SSH or through the console and issue the following command:

    yum update --disableexcludes=main kernel

Once the fix has been installed, a reboot of the server is required. From the root shell, issue the command "reboot".

If Internet access is not available, the patch may be downloaded, transferred to the system, and applied manually:

1. Download the patch from the following URL (or any other CentOS mirror):
   ftp://195.220.108.108/linux/centos/6.8/updates/x86_64/Packages/kernel-2.6.32-642.6.2.el6.x86_64.rpm

2. Copy the downloaded RPM file to the AirWave server (AMP) under the /root folder using WinSCP, OpenSSH, or any other SFTP/SCP copy utility.

3. Apply the RPM. From a root shell:
   # rpm -Uvh /root/kernel-2.6.32-642.6.2.el6.x86_64.rpm --nodeps

4. Reboot the server by issuing the "reboot" command from the root shell.

Workarounds
===========

If patching cannot be done immediately, disable unprivileged local Linux accounts temporarily to prevent them from using the vulnerability to escalate privileges.

Note: Accounts created within the AirWave Management Platform are not local Linux accounts; they are contained entirely within the application.

Revision History
================

Revision 1 / 2016-Nov-04 / Initial release

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:
http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to sirt(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption.
Our public keys can be found at:
http://www.arubanetworks.com/support-services/security-bulletins/

(c) Copyright 2016 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
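The Resolution and Workarounds sections above turn on two facts an administrator can verify: that the running kernel is at or above the fixed build named in the RPM, and whether any unprivileged local Linux accounts exist. The following script is an added example, not part of the Aruba advisory or of AirWave; the fixed kernel string comes from the advisory's RPM name, while the UID 500 threshold (the CentOS 6 default for regular users) and the sample passwd lines are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Aruba advisory: verify the two conditions the
# Resolution and Workarounds sections rely on. FIXED_KERNEL comes from the RPM
# name in the advisory; the UID threshold and sample data are assumptions.
FIXED_KERNEL="2.6.32-642.6.2.el6"

# version_ge A B: succeeds when kernel release A is at or above release B.
# Drops the ".el6[.arch]" tail, splits on '.' and '-', compares field by field.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/\.el6.*$/, "", a); sub(/\.el6.*$/, "", b)
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            fa = (i <= na) ? x[i] + 0 : 0
            fb = (i <= nb) ? y[i] + 0 : 0
            if (fa > fb) exit 0
            if (fa < fb) exit 1
        }
        exit 0
    }'
}

# running_kernel_is_fixed: checks the *live* kernel, so it only passes once the
# reboot after "yum update" or "rpm -Uvh" has actually happened.
running_kernel_is_fixed() {
    version_ge "$(uname -r)" "$FIXED_KERNEL"
}

# unprivileged_shell_accounts: reads passwd-format lines on stdin and prints logins
# with UID >= 500 (CentOS 6 regular users) and an interactive shell. An empty
# result is the advisory's "no unprivileged local Linux accounts" condition; any
# names printed are the accounts the workaround says to disable until patched.
unprivileged_shell_accounts() {
    awk -F: '$3 >= 500 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# Constructed sample passwd lines (not from any real system) for a stand-alone run;
# on a real host use: unprivileged_shell_accounts < /etc/passwd
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
auditor:x:500:500::/home/auditor:/bin/bash
svc-backup:x:501:501::/home/svc-backup:/sbin/nologin
EOF
}

running_kernel_is_fixed && echo "running kernel: fixed" || echo "running kernel: NOT fixed"
echo "unprivileged shell accounts in sample:"; sample_passwd | unprivileged_shell_accounts
```

On the sample data only "auditor" is reported: the service account has no login shell, and nfsnobody is excluded for the same reason despite its high UID.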