[HPE Aruba Security Notice] Regarding the ARUBA product software vulnerabilities reported by iThome on 5/12

2016-05-13

Regarding the iThome article of 5/12, "Google report indicates that Aruba's network products contain dozens of software vulnerabilities and security flaws", our explanation is as follows:

(1) CVE-2016-2031 and CVE-2016-2032 (the security advisories mentioned in the article)

(a) CVE-2016-2031, affected product: IAP series

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt

(b) CVE-2016-2032, affected product: AirWave

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt

(2) Aruba Security Advisories (Aruba security bulletin web page)

http://www.arubanetworks.com/support-services/security-bulletins/

(3) Other security issues: the ArubaOS Multiple Vulnerabilities advisory

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2016-007
CVE: CVE-2016-0801, CVE-2016-0802, CVE-2015-8605
Publication Date: 2016-05-11
Status: Confirmed, Fixed
Revision: 1

Title
=====
ArubaOS Multiple Vulnerabilities

Overview
========
Multiple vulnerabilities have recently been fixed in ArubaOS.

Affected Products
=================
-- ArubaOS 6.3
-- ArubaOS 6.4.2.x prior to 6.4.2.16
-- ArubaOS 6.4.3.x prior to 6.4.3.7
-- ArubaOS 6.4.4.x prior to 6.4.4.5

Details
=======
Buffer Over-read Leads to Information Disclosure
-----------------------------------------------
A buffer over-read vulnerability allows an unauthenticated user to read from uninitialized
memory locations.  Based on analysis of the flaw, Aruba does not believe that this
memory is likely to contain sensitive information.

Severity: Low
CVSSv2 Overall Score: 2.9
CVSSv2 Vector: (AV:A/AC:M/Au:N/C:P/I:N/A:N)

Discovery: This vulnerability was discovered and reported by Roden Delves of Telstra.

Fix: Fixed in 6.4.2.14, 6.4.3.7, and 6.4.4.3.

Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver (CVE-2016-0801, CVE-2016-0802)
-------------------------------------------------------------------------------------------
The Broadcom Wi-Fi driver used in the AP-2xx series access points allows attackers
to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless
control message packets.  The attacker must be joined to the network (wired or wireless) - this
vulnerability may not be exercised by an unauthenticated user against a WPA2 network.

Tunnel mode (the default operating mode for ArubaOS) is not affected, since wireless frames are not
processed by the Broadcom driver in this mode of operation.  APs configured for D-Tunnel mode
or local bridging mode are affected.  If an AP2xx is deployed as a RAP with local bridging of
Wi-Fi traffic, it is also affected.

Severity: Medium
CVSSv2 Overall Score: 4.9
CVSSv2 Vector: (AV:A/AC:M/Au:S/C:P/I:P/A:P)

Discovery: This vulnerability was publicly announced.

Fix: Fixed in 6.3.1.20, 6.4.2.16, 6.4.3.7, and 6.4.4.5

DHCP Denial of Service Vulnerability (CVE-2015-8605)
----------------------------------------------------
A flaw in the ISC DHCP server allows remote attackers to cause a denial of service (application crash)
via an invalid length field in a UDP IPv4 packet.  The flawed DHCP server is incorporated into ArubaOS.
If the DHCP server is enabled in an Aruba mobility controller, an attacker could cause it to crash.
ArubaOS would automatically restart the process.  However, DHCP services would be disrupted
temporarily.

Severity: Low
CVSSv2 Overall Score: 2.9
CVSSv2 Vector: (AV:A/AC:M/Au:N/C:N/I:N/A:P)

Discovery: This vulnerability was publicly announced.

Fix: Fixed in 6.3.1.21, 6.4.2.16, 6.4.3.7, and 6.4.4.5
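The three entries above each give a CVSSv2 vector together with an overall score. The following calculator is an added example, not part of the Aruba advisory; it implements the CVSS v2.0 base score equations with the metric weights from the CVSS v2.0 specification, so the advisory's scores (2.9, 4.9, 2.9) can be reproduced from their vectors. The function names and the parenthesised vector syntax accepted by the parser are this example's own conventions.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2.0 base metric weights (values from the CVSS v2.0 specification).
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT_WEIGHT = {"N": 0.0, "P": 0.275, "C": 0.660}  # shared by C, I and A

REQUIRED_METRICS = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector: str) -> dict:
    """Parse '(AV:A/AC:M/Au:N/C:P/I:N/A:N)' into {metric: value}.

    Surrounding parentheses (as printed in the advisory) are optional.
    Raises ValueError on malformed or incomplete vectors.
    """
    body = vector.strip().strip("()")
    metrics = {}
    for part in body.split("/"):
        key, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed metric: {part!r}")
        metrics[key] = value
    missing = [m for m in REQUIRED_METRICS if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return metrics


def _round_to_tenth(value: float) -> float:
    # CVSS v2 rounds to one decimal place, half up (not Python's banker's rounding).
    return float(Decimal(str(value)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def cvss2_subscores(vector: str) -> tuple:
    """Return (impact, exploitability) subscores for a CVSSv2 base vector."""
    m = parse_vector(vector)
    try:
        c, i, a = (IMPACT_WEIGHT[m[k]] for k in ("C", "I", "A"))
        impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
        exploitability = (20 * ACCESS_VECTOR[m["AV"]]
                          * ACCESS_COMPLEXITY[m["AC"]]
                          * AUTHENTICATION[m["Au"]])
    except KeyError as exc:
        raise ValueError(f"unknown metric value: {exc}") from None
    return impact, exploitability


def cvss2_base_score(vector: str) -> float:
    """Compute the CVSSv2 base score for a vector string such as the advisory's."""
    impact, exploitability = cvss2_subscores(vector)
    f_impact = 0.0 if impact == 0 else 1.176
    return _round_to_tenth((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


if __name__ == "__main__":
    # The three vectors printed in the advisory above.
    for vec in ("(AV:A/AC:M/Au:N/C:P/I:N/A:N)",
                "(AV:A/AC:M/Au:S/C:P/I:P/A:P)",
                "(AV:A/AC:M/Au:N/C:N/I:N/A:P)"):
        print(vec, "->", cvss2_base_score(vec))
```

Running the script prints 2.9, 4.9 and 2.9, matching the advisory. The adjacent-network access vector (AV:A) is what keeps all three scores low: the same flaws with AV:N would score noticeably higher, which is why the advisory's statement that the Broadcom issue requires the attacker to already be joined to the network matters for prioritisation.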

Solution
========

Upgrade to one of the following software versions:
-- ArubaOS 6.3.1.21 or later
-- ArubaOS 6.4.2.16 or later
-- ArubaOS 6.4.3.7 or later
-- ArubaOS 6.4.4.5 or later

Note: ArubaOS 5.x, 6.1.x, and 6.2.x are no longer being actively developed, and
security patches are produced by default only for high-severity issues.
Customers who require patches for older versions should contact Aruba Technical Support
to make that request.
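A fleet of controllers is rarely on one release, so the first operational step after reading the Solution section is deciding, per device, whether its ArubaOS version falls in an affected range. The script below is an added example, not an Aruba tool; it encodes only the branch-to-fix mapping stated in this advisory (6.3 -> 6.3.1.21, 6.4.2.x -> 6.4.2.16, 6.4.3.x -> 6.4.3.7, 6.4.4.x -> 6.4.4.5) and the note that 5.x, 6.1.x and 6.2.x are no longer actively developed. The function names, the status labels and the treatment of branches the advisory does not mention (reported as "not_listed") are this example's own choices.

```python
import re

# Branch prefix -> first release on that branch containing all fixes,
# taken from the advisory's "Solution" section.
FIXED_RELEASES = {
    (6, 3): (6, 3, 1, 21),
    (6, 4, 2): (6, 4, 2, 16),
    (6, 4, 3): (6, 4, 3, 7),
    (6, 4, 4): (6, 4, 4, 5),
}

# Branches the advisory's note describes as no longer actively developed.
END_OF_DEVELOPMENT = ((5,), (6, 1), (6, 2))


def parse_version(text: str) -> tuple:
    """Turn '6.4.2.16' into (6, 4, 2, 16); rejects anything that is not dotted integers."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)*)\s*", text)
    if not match:
        raise ValueError(f"not an ArubaOS version string: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def format_version(version: tuple) -> str:
    return ".".join(str(part) for part in version)


def _on_branch(version: tuple, branch: tuple) -> bool:
    return version[: len(branch)] == branch


def triage(version_text: str) -> tuple:
    """Classify one ArubaOS version against this advisory.

    Returns (status, target) where status is one of
      'fixed'       - at or above the branch's fixed release (target = that release)
      'affected'    - on a listed branch but below the fix (target = release to upgrade to)
      'unsupported' - on a branch the advisory says is no longer actively developed
      'not_listed'  - on a branch this advisory does not mention
    """
    version = parse_version(version_text)
    # Check the most specific branch first so 6.4.2.x is not matched by a shorter prefix.
    for branch in sorted(FIXED_RELEASES, key=len, reverse=True):
        if _on_branch(version, branch):
            fixed = FIXED_RELEASES[branch]
            status = "fixed" if version >= fixed else "affected"
            return status, format_version(fixed)
    for branch in END_OF_DEVELOPMENT:
        if _on_branch(version, branch):
            return "unsupported", None
    return "not_listed", None


def triage_inventory(lines) -> list:
    """Apply triage() to 'hostname version' lines and return (hostname, status, target) rows."""
    rows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hostname, _, version_text = line.partition(" ")
        status, target = triage(version_text)
        rows.append((hostname, status, target))
    return rows


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up for this example.
    SAMPLE_INVENTORY = """
    # host version
    mc-hq-01 6.4.2.14
    mc-hq-02 6.4.3.7
    mc-branch-01 6.3.1.20
    mc-lab-01 6.2.1.3
    mc-pilot-01 6.5.0.0
    """.splitlines()
    for hostname, status, target in triage_inventory(SAMPLE_INVENTORY):
        print(f"{hostname:14} {status:12} {'upgrade to ' + target if status == 'affected' else ''}")
```

Version tuples compare element-wise, so 6.4.2.14 sorts below 6.4.2.16 and a five-component build such as 6.4.2.16.1 still counts as fixed. Versions on branches the advisory does not list are deliberately reported as "not_listed" rather than "fixed": this advisory says nothing about them, and that distinction should survive into whatever ticket or dashboard the output feeds.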

Obtaining Fixed Software
========================

Aruba customers can obtain software updates on the support website:
http://support.arubanetworks.com

Aruba Support contacts are as follows:

+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)

+1-408-754-1200 (toll call from anywhere in the world)

The full contact list is at:
http://www.arubanetworks.com/support-services/support-program/contact-support/

e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.

Revision History
================

Revision 1.0 / 2016-May-11 / Initial release

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba Networks
products and on obtaining assistance with security incidents is available at:

http://www.arubanetworks.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:


