lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <482B7EDC.1050508@arubanetworks.com>
Date: Wed, 14 May 2008 17:07:56 -0700
From: "Robbie (Rupinder) Gill" <rgill@...banetworks.com>
To: bugtraq@...urityfocus.com
Subject: Aruba Mobility Controller TACACS User Authentication and Cross Site
 Scripting Vulnerabilities (Aruba Advisory ID: AID-051408)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aruba Networks Security Advisory

Title: Aruba Mobility Controller TACACS User Authentication and Cross
Site Scripting Vulnerabilities

Aruba Advisory ID: AID-051408
Revision: 1.0

For Public Release on 05/14/2008


+----------------------------------------------------

1.)

TITLE:  Mobility Controller TACACS User Authentication Vulnerability


SUMMARY

A user authentication vulnerability was discovered during standard bug
reporting procedures in the Aruba Mobility Controller.  This
vulnerability only affects customers using TACACS authentication for
Controller management users.

AFFECTED ArubaOS VERSIONS

~ 3.1.1.x, 3.2.0.x, 3.3.1.x and 3.1.1FIPS


DETAILS

Aruba Mobility Controllers may use external authentication methods to
authenticate users. A vulnerability in the TACACS authentication
component may allow unauthorized web UI/ssh/telnet access to the Aruba
Mobility Controller. TACACS is not the default authentication method and
must be configured as an authentication method for users before it will
be used. By default, user accounts and passwords are kept in a local
database which is not vulnerable to this issue.  Other authentication
methods supported by the Aruba Mobility Controller are not vulnerable to
this issue.






IMPACT

An attacker with web UI/ssh/telnet access to the Aruba Mobility
Controller may be able to gain unauthorized access to the administration
account of an Aruba Mobility Controller.


CVSS BASE METRIC SCORE: 10


WORKAROUNDS

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon
as practical.  However, in the event that a patch cannot immediately be
applied, the
following steps will help to mitigate the risk:

- -  Disable TACACS authentication for all accounts until such time as the
patches can be applied.

- - Do not expose the Mobility Controller administrative interface to
untrusted networks
such as the Internet.


SOLUTION

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical.  However, in the event that a patch
cannot immediately be applied, the workaround steps will help to
mitigate the risk.

+----------------------------------------------------

2.)

TITLE:  Mobility Controller Web UI Cross Site Scripting Vulnerabilities


SUMMARY

Cross-site scripting vulnerabilities were discovered during standard bug
reporting procedures in the Aruba Mobility Controller. Certain malformed
inputs to the web UI allow the injection of cross-site scripting (XSS)
components, leading to a potential compromise of client web session
integrity.




AFFECTED ArubaOS VERSIONS

~ 2.5.5.x, 2.5.6.x, 2.4.8.x-FIPS, 3.1.1.x, 3.1.1.x-FIPS, 3.2.0.x, 3.3.1.x


DETAILS

Aruba Mobility Controllers may present a web-based management and
captive portal interface.  Providing malformed input to the web UI may
result in the presentation of that input to the user. Malicious XSS
injection via the web UI may not require action to be taken by the victim.


IMPACT

An attacker with web UI access to the Aruba Mobility Controller may be
able to compromise the integrity of a client web session or subvert the
authentication exchange content to retrieve administrator authentication
credentials to the Aruba Mobility Controller.


CVSS BASE METRIC SCORE: 10


WORKAROUNDS

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon
as practical.  However, in the event that a patch cannot immediately be
applied, the
following steps will help to mitigate the risk:

- - Do not expose the Mobility Controller administrative interface to
untrusted networks
such as the Internet.


SOLUTION

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical.  However, in the event that a patch
cannot immediately be applied, the workaround steps will help to
mitigate the risk.

+----------------------------------------------------

OBTAINING FIXED FIRMWARES

Aruba customers can obtain the firmware on the support website:
	http://www.arubanetworks.com/support.

Aruba Support contacts are as follows:

	1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)

	+1-408-754-1200 (toll call from anywhere in the world)

	e-mail: support(at)arubanetworks.com

Please, do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.


EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at

Aruba W.S.I.R.T. Advisory:
http://www.arubanetworks.com/support/alerts/aid-051408.asc

SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1


STATUS OF THIS NOTICE: Final

Although Aruba Networks cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Aruba Networks does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Aruba Networks may update
this advisory.

A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain factual
errors.


DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at:
http://www.arubanetworks.com/support/alerts/aid051408.asc


Future updates of this advisory, if any, will be placed on Aruba's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates.


REVISION HISTORY

~      Revision 1.0 / 05-14-2008 / Initial release


ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba
Wireless Networks products, obtaining assistance with security incidents
is available at
~      http://www.arubanetworks.com/support/wsirt.php


For reporting *NEW* Aruba Networks security issues, email can be sent to
wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For
sensitive information we encourage the use of PGP encryption. Our public
keys can be found at
	http://www.arubanetworks.com/support/wsirt.php


~      (c) Copyright 2008 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given
at the top of the text, provided that redistributed copies are complete
and unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFIK37cp6KijA4qefURAjWEAKC3plExe5/hjXvUU5huEV52b1O4MQCgnx4E
XIJratDXAqBC+Wu5mV6BsLo=
=0Dse
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ