-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2016-011
CVE: CVE-2016-5195
Publication Date: 2016-Nov-04
Status: Confirmed, Fixed
Revision: 1


Title
=====
"Dirty Cow" Linux Kernel Vulnerability (CVE-2016-5195)


Overview
========
A race condition was found in the way the Linux kernel's memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged, local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on
the system.

Multiple Aruba products are built on top of Linux.


Affected Products
=================
 -- AirWave (all versions up to, but not including, 8.2.3)


Unaffected Products
===================
The following products may contain the kernel vulnerability, but because they
do not permit unprivileged local Linux accounts, they are not directly
vulnerable.
 -- ClearPass Policy Manager
 -- ArubaOS (controllers and switches)
 -- Aruba Instant
 -- Aruba Central
 -- ALE

Aruba intends to patch these products, as appropriate, through regularly
scheduled maintenance releases.  This will be done as part of "defense in
depth" best security practices.


Details
=======
The AirWave Management Platform operates as an application on top of a
standard CentOS Linux system.  Administrators are given access to the
Linux shell as the "root" user, and may create additional Linux shell
accounts if needed.

If no unprivileged users have been given local Linux accounts on an AirWave
system, then this vulnerability cannot be exploited.  Aruba recommends
patching the vulnerability regardless, as part of a "defense in depth"
approach.


Resolution
==========
This issue will be resolved in AirWave version 8.2.3, which is scheduled for
release in November, 2016.

This issue may also be manually patched through the CentOS operating system.
RedHat and the CentOS Project have issued a kernel patch to address
CVE-2016-5195.  To apply the fix, login to the AirWave server as the "root" user
over SSH or through the console and issue the following command:
  yum update --disableexcludes=main kernel

Once the fix has been installed, a reboot of the server is required.  From
the root shell, issue the command "reboot".
- - --
If Internet access is not available, the patch may be downloaded, transferred
to the system, and applied manually:
 1. Download the patch from the following URL (or any other CentOS mirror):
    ftp://195.220.108.108/linux/centos/6.8/updates/x86_64/Packages/kernel-2.6.32-642.6.2.el6.x86_64.rpm
 2. Copy the downloaded RPM file to the AirWave server AMP under the /root
    folder using WinSCP, OpenSSH, other any other SFTP/SCP copy utility.
 3. Apply the RPM.  From a root shell:
    # rpm -Uvh /root/kernel-2.6.32-642.6.2.el6.x86_64.rpm --nodeps
 4. Reboot the server by issuing the "reboot" command from the root shell.


Workarounds
===========
If patching cannot be done immediately, disable unprivileged local Linux
accounts temporarily to prevent them from using the vulnerability to escalate
privileges.  Note: Accounts created within the AirWave Management Platform
are not local Linux accounts - they are contained entirely within the
application.


Revision History
================

      Revision 1 / 2016-Nov-04 / Initial release


Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks
products, obtaining assistance with security incidents is available at:

http://www.arubanetworks.com/support-services/security-bulletins/


For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:

http://www.arubanetworks.com/support-services/security-bulletins/


(c) Copyright 2016 by Aruba, a Hewlett Packard Enterprise company.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJYHMEXAAoJEJj+CcpFhYbZph8H/1nrFvhGFGpKgs71FrKV1bUl
nSZbPjgQWgXTEhl6rMRpg4qK7x0la5emYAC6+xJc2Hw/MZ0YDCLfpy9zh2fHk+cK
v39VkgwtiUx3mHUog0DvGPNKnSIb6A2cNMrg8u/r0liDea9W3GfAM4/rOr181SkE
C3dkKPB00ITJ7RgQKN2TKqu13Cbd0WOdtDCHo0XyFpo6bTkHajMx2jMizNtNs3o3
0brXiM0twHlAVq05IxcgOexl/j2WrmaRj8WkTzgExQjt4+/bD3FRCYBGk8oFemqw
2OPtbL9XsAufheRyoqWpfIfdyH/6PlcSuCTXiG0+rCCNDnkJxa0QrxDSYoCrjrg=
=Vedq
-----END PGP SIGNATURE-----