Regarding the article published by iThome on 5/12, "Google report says Aruba's network products contain dozens of software vulnerabilities and security flaws", the explanation is as follows:
(1) CVE-2016-2031 and CVE-2016-2032 (the security advisories mentioned in the article)
(a) CVE-2016-2031, affected product: IAP series
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
(b) CVE-2016-2032, affected product: Airwave
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt
(2) Aruba Security Advisories (Aruba's security bulletin page)
http://www.arubanetworks.com/support-services/security-bulletins/
(3) Other security issues: the "ArubaOS Multiple Vulnerabilities" advisory
Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2016-007
CVE: CVE-2016-0801, CVE-2016-0802, CVE-2015-8605
Publication Date: 2016-05-11
Status: Confirmed, Fixed
Revision: 1

Title
=====
ArubaOS Multiple Vulnerabilities

Overview
========
Multiple vulnerabilities have recently been fixed in ArubaOS.

Affected Products
=================
-- ArubaOS 6.3
-- ArubaOS 6.4.2.x prior to 6.4.2.16
-- ArubaOS 6.4.3.x prior to 6.4.3.7
-- ArubaOS 6.4.4.x prior to 6.4.4.5
Details
=======

Buffer Over-read Leads to Information Disclosure
-----------------------------------------------
A buffer over-read vulnerability allows an unauthenticated user to read from uninitialized memory locations. Based on analysis of the flaw, Aruba does not believe that this memory is likely to contain sensitive information.

Severity: Low
CVSSv2 Overall Score: 2.9
CVSSv2 Vector: (AV:A/AC:M/Au:N/C:P/I:N/A:N)

Discovery: This vulnerability was discovered and reported by Roden Delves of Telstra.

Fix: Fixed in 6.4.2.14, 6.4.3.7, and 6.4.4.3.

Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver (CVE-2016-0801, CVE-2016-0802)
-------------------------------------------------------------------------------------------
The Broadcom Wi-Fi driver used in the AP-2xx series access points allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets. The attacker must be joined to the network (wired or wireless) - this vulnerability may not be exercised by an unauthenticated user against a WPA2 network.

Tunnel mode (the default operating mode for ArubaOS) is not affected, since wireless frames are not processed by the Broadcom driver in this mode of operation. APs configured for D-Tunnel mode or local bridging mode are affected. If an AP-2xx is deployed as a RAP with local bridging of Wi-Fi traffic, it is also affected.

Severity: Medium
CVSSv2 Overall Score: 4.9
CVSSv2 Vector: (AV:A/AC:M/Au:S/C:P/I:P/A:P)

Discovery: This vulnerability was publicly announced.

Fix: Fixed in 6.3.1.20, 6.4.2.16, 6.4.3.7, and 6.4.4.5.

DHCP Denial of Service Vulnerability (CVE-2015-8605)
----------------------------------------------------
A flaw in the ISC DHCP server allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. The flawed DHCP server is incorporated into ArubaOS. If the DHCP server is enabled in an Aruba mobility controller, an attacker could cause it to crash. ArubaOS would automatically restart the process. However, DHCP services would be disrupted temporarily.

Severity: Low
CVSSv2 Overall Score: 2.9
CVSSv2 Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P)

Discovery: This vulnerability was publicly announced.

Fix: Fixed in 6.3.1.21, 6.4.2.16, 6.4.3.7, and 6.4.4.5.
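The three CVSSv2 scores quoted above can be recomputed from their vectors, which is a useful sanity check when an advisory's score and vector disagree or when a score has to be re-derived for an internal risk register. The following Python is an added example and is not part of the advisory or of any Aruba tooling: it implements the CVSSv2 base equation with the metric weights from the CVSS v2 specification, parses the three vectors as printed in the advisory, and compares the result with the quoted scores. The Low/Medium/High bands are the NVD's CVSSv2 mapping, assumed here to be the one the advisory uses; the function and dictionary names are this example's own.

```python
"""Recompute the CVSSv2 base scores quoted in ARUBA-PSA-2016-007 from their vectors.

Added example, not part of the advisory: it implements the CVSSv2 base equation
with the metric weights from the CVSS v2 specification. The Low/Medium/High
bands are the NVD's CVSSv2 mapping, assumed here to match the advisory's labels.
"""
from decimal import Decimal, ROUND_HALF_UP

# CVSSv2 base-metric weights (CVSS v2 specification).
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}       # Local / Adjacent / Network
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}    # High / Medium / Low
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}      # Multiple / Single / None
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}              # None / Partial / Complete
WEIGHTS = {"AV": ACCESS_VECTOR, "AC": ACCESS_COMPLEXITY, "Au": AUTHENTICATION,
           "C": IMPACT, "I": IMPACT, "A": IMPACT}

# Vectors exactly as quoted in the advisory, used to cross-check the arithmetic.
ADVISORY_VECTORS = {
    "buffer over-read": "(AV:A/AC:M/Au:N/C:P/I:N/A:N)",
    "Broadcom Wi-Fi driver RCE": "(AV:A/AC:M/Au:S/C:P/I:P/A:P)",
    "ISC DHCP denial of service": "(AV:A/AC:M/Au:N/C:N/I:N/A:P)",
}


def parse_vector(vector):
    """'(AV:A/AC:M/Au:N/C:P/I:N/A:N)' -> {'AV': 'A', ...}.

    Only the six base metrics are accepted; each must be present exactly once
    with a valid value, so a truncated or mistyped vector raises ValueError
    instead of silently scoring as something else.
    """
    metrics = {}
    for item in vector.strip().strip("()").split("/"):
        key, _, value = item.partition(":")
        if key not in WEIGHTS or value not in WEIGHTS[key]:
            raise ValueError(f"bad CVSSv2 base metric {item!r} in {vector!r}")
        metrics[key] = value
    missing = WEIGHTS.keys() - metrics.keys()
    if missing:
        raise ValueError(f"vector {vector!r} is missing {sorted(missing)}")
    return metrics


def base_score(vector):
    """CVSSv2 base score, rounded to one decimal (half-up via Decimal to avoid
    binary-float rounding surprises)."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))
    if impact == 0:
        return 0.0  # f(Impact) = 0 zeroes the whole score when there is no impact
    exploitability = 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]
    raw = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * 1.176  # f(Impact) = 1.176
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def severity(score):
    """NVD severity band for a CVSSv2 score (assumed to be the advisory's mapping)."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def score_advisory():
    """Score each advisory vector: {issue: (score, severity)}."""
    return {issue: (base_score(vec), severity(base_score(vec)))
            for issue, vec in ADVISORY_VECTORS.items()}


if __name__ == "__main__":
    for issue, (score, band) in score_advisory().items():
        print(f"{issue}: {score} ({band})")
```

Running the block prints 2.9 (Low), 4.9 (Medium) and 2.9 (Low), matching the advisory. The first and third vectors score identically because the CVSSv2 impact term treats a partial loss of confidentiality and a partial loss of availability the same way; the driver issue scores higher despite requiring authentication because all three impact metrics are Partial.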
Solution
========
Upgrade to one of the following software versions:
-- ArubaOS 6.3.1.21 or later
-- ArubaOS 6.4.2.16 or later
-- ArubaOS 6.4.3.7 or later
-- ArubaOS 6.4.4.5 or later

Note: ArubaOS 5.x, 6.1.x, and 6.2.x are no longer being actively developed, and security patches are produced by default only for high-severity issues. Customers who require patches for older versions should contact Aruba Technical Support to make that request.
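Because the three issues were fixed in different builds on each branch (the buffer over-read in 6.4.2.14 but the driver and DHCP issues only in 6.4.2.16, for instance), a controller running a 6.4.2.15 build is patched against one issue and not the others. The following Python is an added example, not Aruba tooling: it transcribes the fix versions and the upgrade targets from this advisory into a table and reports, for an installed ArubaOS version string, which issues are still unfixed on it and which version the Solution section says to move to. Branches the advisory marks as no longer actively developed are reported separately rather than scored. The function names and status strings are this example's own.

```python
"""Check an installed ArubaOS version against the fix versions in ARUBA-PSA-2016-007.

Added example, not Aruba tooling: the version data below is transcribed from the
advisory; the helper names and status strings are this example's own.
"""

# First fixed build per issue, keyed by release branch. A key is a version
# prefix: (6, 3) covers every 6.3 release, (6, 4, 2) covers 6.4.2.x only.
FIRST_FIXED = {
    "buffer over-read (information disclosure)": {
        (6, 4, 2): (6, 4, 2, 14),
        (6, 4, 3): (6, 4, 3, 7),
        (6, 4, 4): (6, 4, 4, 3),
    },
    "Broadcom Wi-Fi driver RCE (CVE-2016-0801, CVE-2016-0802)": {
        (6, 3): (6, 3, 1, 20),
        (6, 4, 2): (6, 4, 2, 16),
        (6, 4, 3): (6, 4, 3, 7),
        (6, 4, 4): (6, 4, 4, 5),
    },
    "ISC DHCP denial of service (CVE-2015-8605)": {
        (6, 3): (6, 3, 1, 21),
        (6, 4, 2): (6, 4, 2, 16),
        (6, 4, 3): (6, 4, 3, 7),
        (6, 4, 4): (6, 4, 4, 5),
    },
}

# Upgrade target per branch from the advisory's "Solution" section.
UPGRADE_TARGET = {
    (6, 3): (6, 3, 1, 21),
    (6, 4, 2): (6, 4, 2, 16),
    (6, 4, 3): (6, 4, 3, 7),
    (6, 4, 4): (6, 4, 4, 5),
}

# Branches the advisory says are no longer actively developed.
END_OF_DEVELOPMENT = ((5,), (6, 1), (6, 2))


def parse_version(text):
    """'6.4.2.12' -> (6, 4, 2, 12); rejects anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _matching_branch(version, keys):
    """Longest prefix in `keys` that matches `version`, or None."""
    matches = [key for key in keys if version[:len(key)] == key]
    return max(matches, key=len) if matches else None


def assess(version_text):
    """Per issue: 'fixed', 'vulnerable', 'no fix listed for this branch',
    'not covered by this advisory' or 'unsupported branch: contact Aruba support'."""
    version = parse_version(version_text)
    if _matching_branch(version, END_OF_DEVELOPMENT) is not None:
        return {issue: "unsupported branch: contact Aruba support" for issue in FIRST_FIXED}
    if _matching_branch(version, UPGRADE_TARGET) is None:
        return {issue: "not covered by this advisory" for issue in FIRST_FIXED}
    status = {}
    for issue, fixes in FIRST_FIXED.items():
        branch = _matching_branch(version, fixes)
        if branch is None:
            status[issue] = "no fix listed for this branch"
        elif version >= fixes[branch]:  # tuple comparison orders builds correctly
            status[issue] = "fixed"
        else:
            status[issue] = "vulnerable"
    return status


def needs_upgrade(version_text):
    """True if any listed issue is still unfixed on this version."""
    return "vulnerable" in assess(version_text).values()


def upgrade_target(version_text):
    """The advisory's minimum recommended version for this branch, or None."""
    branch = _matching_branch(parse_version(version_text), UPGRADE_TARGET)
    return ".".join(map(str, UPGRADE_TARGET[branch])) if branch else None


if __name__ == "__main__":
    for v in ("6.4.2.15", "6.4.4.5", "6.3.1.20", "6.2.1.0", "6.5.0.0"):
        print(v, "needs upgrade:", needs_upgrade(v), "target:", upgrade_target(v))
        for issue, state in assess(v).items():
            print("   ", issue, "->", state)
```

Two design points are worth noting. Versions are compared as integer tuples rather than strings, so 6.4.2.9 sorts below 6.4.2.16 as intended. And `needs_upgrade` only reflects the fixes this advisory lists: the 5.x, 6.1.x and 6.2.x branches come back as "unsupported" rather than "fixed", and a 6.3 build is reported as having "no fix listed" for the buffer over-read because the advisory names no 6.3 fix for it, so those cases still need a human decision rather than a green tick.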
Obtaining Fixed Software
========================
Aruba customers can obtain software updates on the support website: http://support.arubanetworks.com

Aruba Support contacts are as follows:
+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)

The full contact list is at: http://www.arubanetworks.com/support-services/support-program/contact-support/

e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.

Revision History
================
Revision 1.0 / 2016-May-11 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:
http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to sirt(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at: