Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key).	Aruba Mobility Controller Malformed EAP Frame DoS Vulnerability 14 Dec. 2008    Summary A Denial of Service (DoS) vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. A malformed EAP frame causes a process crash on the Aruba Mobility Controller causing a temporary DoS condition for new clients configured to use EAP authentication. Prior successful security association is not required to cause this condition. The Mobility Controller recovers automatically by restarting the affected process.   Credit: The information has been provided by Robbie (Rupinder) Gill. The original article can be found at: http://www.arubanetworks.com/support/alerts/aid-12808.asc Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Aruba Mobility Controller vesion 2.4.8.x-FIPS  * Aruba Mobility Controller vesion 2.5.x  * Aruba Mobility Controller vesion 3.1.x  * Aruba Mobility Controller vesion 3.2.x  * Aruba Mobility Controller vesion 3.3.1.x  * Aruba Mobility Controller vesion 3.3.2.x Immune Systems:  * Extensible Authentication Protocol (EAP) is a framework used for authentication in wireless and point-point connections (RFC 3748). Aruba Mobility Controller accepts EAP frames on both wireless interfaces (via its thin APs) and wired interfaces (via devices connected to untrusted physical ports on the controller). In 802.11 networks, EAP frames are only used when WPA/WPA2 Enterprise modes are being used. A malformed EAP frame causes a process crash on the Aruba Mobility Controller. An attacking station does not need to have completed a successful security association prior to launching this attack against the controller. Impact: An attacker can inject a malformed EAP frame and cause a process crash on the Aruba Mobility Controller. This causes a service outage for new clients configured to use EAP authentication. The Mobility Controller recovers automatically by restarting the affected process. An attacker could however cause a prolonged DoS condition by flooding the Aruba Mobility Controller with malicious EAP frames. For wireless, this vulnerability only applies when operating in WPA/WPA2 Enterprise modes. WPA/WPA2-PSK modes are unaffected by this vulnerability and so are open/WEP based wireless networks. This vulnerability does affect wired devices connected to untrusted physical ports of the Mobility Controller. Workaround: Aruba Networks recommends that all customers that are using EAP authentication apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps might help in mitigating the risk: - - Aruba Mobility Controllers allows for a mode of operation where a wireless client's EAP communication terminates on the controller, rather than on an authentication server (RADIUS server, LDAP server etc.). The Mobility Controller in turn queries the authentication server on behalf of the client using non EAP messages. This mode is referred to as "EAP-Offload" and is immune to this vulnerability. Enabling this mode on the Mobility Controller can be used as a workaround until the patch(es) can be applied. EAP-Offload is not supported for wired client devices. Solution: Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch can not immediately be applied, the workaround steps will help to mitigate the risk.  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles LedgerSMB Multiple Vulnerabilities Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability Piwik Cookie Unserialize Vulnerability Invision Power Board SQL PHP File Inclusion and SQL Injection U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability DevIL DICOM Buffer Overflow Vulnerability Marvell Driver Multiple Information Element Overflows HP Data Protector Express and Single Server Edition (SSE) DoS and Code Execution HP Color LaserJet Printers Unauthorized Access to Data and DoS KDE KDELibs Remote Array Overrun with Arbitrary Code Execution Gimp BMP Image Parsing Integer Overflow Vulnerability Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation WordPress Unrestricted File Upload Arbitrary PHP Code Execution Atheros Driver Reserved Frame DoS Vulnerability McAfee Security Manager Authentication Bypass and Session Hijacking Vulnerability  Featured Articles Microsoft Embedded OpenType Font Engine Heap Buffer Overflow (MS09-029) Virtualmin Multiple Vulnerabilities Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability (MS09-010) WordPress Unchecked Privileges in admin.php and Multiple Information Disclosures Microsoft PowerPoint Conversion Filter Heap Corruption Vulnerability (MS09-017) Adobe Shockwave Player Director File Parsing Pointer Overwrite Mozilla Firefox Java Applet Loading Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®