Home page logo
/

bugtraq logo Bugtraq mailing list archives

Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point
From: Robbie Gill <rgill () arubanetworks com>
Date: Mon, 26 Oct 2009 15:30:57 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aruba Networks Security Advisory

Title: Malformed 802.11 Association Request frame causes Denial of
Service condition on an Access Point.

Aruba Advisory ID: AID-102609
Revision: 1.0

For Public Release on 10/26/2009

+----------------------------------------------------

SUMMARY

A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A malformed 802.11 association request frame
causes a crash on the Access Point (AP) causing a temporary DoS
condition for wireless clients. Prior successful security association
with the wireless network is not required to cause this condition. The
AP recovers automatically by restarting itself.


AFFECTED ArubaOS VERSIONS

 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, 3.3.2.x-FIPS

 Note: ArubaOS 2.5 is not affected by this issue.

DETAILS

Association Request management frame is used by wireless clients in a
WLAN to initiate an association with the wireless network and negotiate
various connection parameters. A malformed association frame may cause a
crash on the Aruba APs. An attacking station does not need to have
completed a successful security association prior to launching this
attack since association frame is an unprotected management frame. This
vulnerability affects all Aruba APs.


IMPACT

An attacker can inject a malformed association request frame and cause
an AP to crash. This causes a service outage for all clients connected
to that AP. The AP recovers automatically by restarting.  An attacker
could however cause a prolonged DoS condition by flooding the WLAN with
malicious association request frames.

This vulnerability applies equally to both encrypted and unencrypted
WLANs. This vulnerability does not affect wired devices connected the
Aruba Mobility Controller.

CVSS v2 BASE METRIC SCORE: 6.1 (AV:A/AC:L/Au:N/C:N/I:N/A:C)


WORKAROUNDS

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical. There is no known workaround for this
particular issue.


SOLUTION

Aruba Networks recommends that all customers apply the appropriate
patch(es) as soon as practical.

The following patches have the fix (any newer patch will also have the fix):

- - - - 3.3.1.30
- - - - 3.3.2.18
- - - - RN 3.1.1
- - - - 3.4.0.3
- - - - 3.3.2.14-FIPS

Please note: We highly recommend that you upgrade your Mobility
Controller to the latest available patch on the Aruba support site
corresponding to your currently installed release.


+----------------------------------------------------

OBTAINING FIXED FIRMWARE

Aruba customers can obtain the firmware on the support website:
        http://www.arubanetworks.com/support.

Aruba Support contacts are as follows:

        1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)

        +1-408-754-1200 (toll call from anywhere in the world)

        e-mail: support(at)arubanetworks.com

Please, do not contact either "wsirt(at)arubanetworks.com" or
"security(at)arubanetworks.com" for software upgrades.


EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at

Aruba W.S.I.R.T. Advisory:
http://www.arubanetworks.com/support/alerts/aid-102609.asc

SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1


STATUS OF THIS NOTICE: Final

Although Aruba Networks cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Aruba Networks does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Aruba Networks may update
this advisory.

A stand-alone copy or paraphrase of the text of this security advisory
that omits the distribution URL in the following section is an uncontrolled
copy, and may lack important information or contain factual errors.


DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at:
http://www.arubanetworks.com/support/alerts/aid-102609.asc


Future updates of this advisory, if any, will be placed on Aruba's worldwide
website, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check the
above URL for any updates.


REVISION HISTORY

      Revision 1.0 / 10-26-2009 / Initial release


ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Networks
products, obtaining assistance with security incidents is available at
      http://www.arubanetworks.com/support/wsirt.php


For reporting *NEW* Aruba Networks security issues, email can be sent to
wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive
information we encourage the use of PGP encryption. Our public keys can be
found at
        http://www.arubanetworks.com/support/wsirt.php


      (c) Copyright 2009 by Aruba Networks, Inc.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrmIyEACgkQp6KijA4qefW5qwCgkHyuUtvQWoLzr+XnKveRPsEr
rlsAn33CBHQs/TKBRVkx2sAo8qEF2MGs
=c+5s
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes Denial of Service condition on an Access Point Robbie Gill (Oct 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault