The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Aruba Networks ArubaOS

threat CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2017-9000 CVE-2017-9003

ArubaOS: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ArubaOS.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/10/2017.
Identifiers: ARUBA-PSA-2017-006, CVE-2017-9000, CVE-2017-9003, VIGILANCE-VUL-24114.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of ArubaOS.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2017-13704 CVE-2017-14491 CVE-2017-14492

Dnsmasq: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Dnsmasq.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 7.
Creation date: 02/10/2017.
Identifiers: ARUBA-PSA-2017-005, CERTFR-2017-AVI-329, CVE-2017-13704, CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, DLA-1124-1, DSA-3989-1, FEDORA-2017-24f067299e, FEDORA-2017-515264ae24, openSUSE-SU-2017:2633-1, OSSN/OSSN-0082, RHSA-2017:2836-01, RHSA-2017:2837-01, RHSA-2017:2838-01, RHSA-2017:2839-01, RHSA-2017:2840-01, RHSA-2017:2841-01, SSA:2017-275-01, SUSE-SU-2017:2616-1, SUSE-SU-2017:2617-1, SUSE-SU-2017:2619-1, Synology-SA-17:59, USN-3430-1, USN-3430-2, USN-3430-3, VIGILANCE-VUL-24005, VU#973527.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Dnsmasq.
Full Vigil@nce bulletin... (Free trial)

computer weakness note 22652

HPE Aruba, HPE ProVision: information disclosure via Diffie Hellman Group1 Sha1

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Diffie Hellman Group1 Sha1 of HPE Aruba, HPE ProVision, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 05/05/2017.
Identifiers: HPESBHF03736, VIGILANCE-VUL-22652.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Diffie Hellman Group1 Sha1 of HPE Aruba, HPE ProVision, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 20524

Aruba, Alcatel: known private key for securelogin

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Aruba and Alcatel, in order to read or write data in the session.
Severity: 3/4.
Creation date: 06/09/2016.
Identifiers: VIGILANCE-VUL-20524.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Aruba and Alcatel-Lucent OmniAccess products use the "securelogin.arubanetworks.com" certificate, for the following features:
 - captive portal
 - web administration
 - WPA2-Enterprise 801.X authentication

However, the private key of this certificate was published.

An attacker can therefore act as a Man-in-the-Middle on Aruba and Alcatel, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin CVE-2016-0801 CVE-2016-0802

ArubaOS: memory corruption via Broadcom Wi-Fi

Synthesis of the vulnerability

An attacker can generate a memory corruption in Broadcom Wi-Fi of ArubaOS, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/05/2016.
Identifiers: ARUBA-PSA-2016-007, CERTFR-2016-AVI-167, CVE-2016-0801, CVE-2016-0802, VIGILANCE-VUL-19610.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a memory corruption in Broadcom Wi-Fi of ArubaOS, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

security announce 19609

ArubaOS: out-of-bounds memory reading

Synthesis of the vulnerability

An attacker can force a read at an invalid address of ArubaOS, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 12/05/2016.
Identifiers: ARUBA-PSA-2016-007, CERTFR-2016-AVI-167, VIGILANCE-VUL-19609.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a read at an invalid address of ArubaOS, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2016-2031 CVE-2016-2032

ArubaOS: multiple vulnerabilities of PAPI

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PAPI of ArubaOS.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/05/2016.
Identifiers: ARUBA-PSA-2016-004, ARUBA-PSA-2016-005, ARUBA-PSA-2016-006, CERTFR-2016-AVI-152, CVE-2016-2031, CVE-2016-2032, VIGILANCE-VUL-19553.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of PAPI of ArubaOS.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2015-7547

glibc: buffer overflow of getaddrinfo

Synthesis of the vulnerability

An attacker, who owns a malicious DNS server, can reply with long data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Severity: 4/4.
Creation date: 16/02/2016.
Revision date: 17/02/2016.
Identifiers: 046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The glibc library implements a DNS resolver (libresolv).

An application can thus call the getaddrinfo() function, which queries DNS servers. When the AF_UNSPEC type is used in the getaddrinfo() call, two DNS A and AAAA queries are sent simultaneously. However, this special case, and a case with AF_INET6 are not correctly managed, and lead to an overflow if the reply coming from the DNS server is larger than 2048 bytes.

An attacker, who owns a malicious DNS server, can therefore reply with large data to a client application using the getaddrinfo() function of the glibc, in order to trigger a denial of service, and possibly to run code in the client application.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-8605

ISC DHCP: buffer overflow of decode_udp_ip_header

Synthesis of the vulnerability

An attacker can generate a buffer overflow by sending an IPv4+UDP packet to an ISC DHCP client or server, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/01/2016.
Identifiers: AA-01334, ARUBA-PSA-2016-007, CERTFR-2016-AVI-167, CVE-2015-8605, DSA-2019-131, DSA-3442-1, FEDORA-2016-0c5bb21bf1, FEDORA-2016-adb533a418, openSUSE-SU-2016:0601-1, openSUSE-SU-2016:0610-1, SOL57500018, SSA:2016-012-01, STORM-2015-018, USN-2868-1, VIGILANCE-VUL-18707.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The DHCP protocol uses UDP packets.

The decode_udp_ip_header() function of the common/packet.c file of ISC DHCP decodes these UDP packets. However, if the size indicated in the IPv4 header for UDP data is too large, an overflow occurs.

An attacker can therefore generate a buffer overflow by sending an IPv4+UDP packet to an ISC DHCP client or server, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Aruba Networks ArubaOS: