W.S.I.R.T Advisories

February 2007

• AID-021307

  2/13/07 - Aruba Mobility Controller Guest User Privilege Escalation

• AID-021307b

  2/13/07 - Mobility Controller Management Interface Buffer Overflow

November 2005

• AID-111405

  11/14/05 - VPN ISAKMP Message Processing Denial of Service

June 2005

• AID-06142005

  6/14/05 - SSH tunneling (port forwarding) through the Aruba devices is allowed

May 2005

• AID-05102005

  5/10/05 - IPsec configurations may be vulnerable to information disclosure

April 2005

• AID-041905

  4/19/05 - Risk of multiple Denial of Service attacks using modified ICMP packets

February 2005

• AID-02102005

  2/10/05 - Aruba switches are vulnerable to a PPTP exploit

June 2004

• AID-06152004

  6/15/04 - ISC DHCP contains C includes that define "vsnprintf" to "vsprintf" creating potential buffer overflow conditions

• AID-06142004

  6/14/04 - ISC DHCPD contains a stack buffer overflow vulnerability in handling log lines containing ASCII characters only

April 2004

• AID-04172004

  11/18/03 - SSH vulnerabilities

November 2003

• AID-11182003

  4/17/04 - IEEE 802.11 wireless network protocol DSSS CCA algorithm vulnerable to denial of service