Vulnerability Note VU#319913
Aruba Mobility Controller Management Interface contains a buffer overflow
Overview
The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
The Aruba Mobility Controllers are used to process and control network traffic in a wireless network. The Aruba Mobility Controller Management Interface is a utility used to configure and manage the Aruba Mobility Controllers. The management interface can be accessed via a command line or a web-based interface. The Aruba Mobility Controller Management Interface fails to properly handle malformed input allowing a buffer overflow to occur. If the Aruba Mobility Controller Management Interface is configured for remote management, this vulnerability can be triggered remotely. |
Impact
A remote attacker may be able to execute arbitrary code on the affected Mobility Controller. |
Solution
Apply a patch from Aruba |
|
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Aruba Networks, Inc. | Vulnerable | 09 Feb 2007 | 13 Feb 2007 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://secunia.com/advisories/24144/
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html
Credit
This vulnerability was reported by Aruba Networks.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: Unknown
- Date Public: 12 Feb 2007
- Date First Published: 13 Feb 2007
- Date Last Updated: 13 Feb 2007
- Severity Metric: 6.42
- Document Revision: 12
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
