Vigil@nce: ArubaOS, denial of service via 802.11 Association Request
October 2009 by Vigil@nce
An attacker can send a malformed 802.11 Association Request frame,
in order to restart ArubaOS.
– Severity: 1/4
– Consequences: denial of service of computer
– Provenance: radio connection
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 27/10/2009
IMPACTED PRODUCTS
– Aruba Networks ArubaOS
DESCRIPTION OF THE VULNERABILITY
The 802.11 protocol (Wi-Fi) uses several Management type frames:
– Association Request (0): negotiation of parameters, before any
authentication
– Beacon (8): periodic publication of the SSID
– Authentication (11)
– etc.
When an ArubaOS access point receives a malformed Association
Request frame, it restarts. Technical details are unknown.
An attacker can therefore send a malformed 802.11 Association
Request frame, in order to create a denial of service.
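The following Python sketch is an added example, not code from this advisory or from Aruba: it reads the management subtype from the Frame Control field and applies generic structural checks to an Association Request, as a monitoring sensor might. The advisory does not disclose the malformation, so the checks are assumptions, as are the 24-byte header (no radiotap, HT Control or FCS) and all sample frames and helper names.

```python
import struct

MGMT_SUBTYPES = {0: "Association Request", 8: "Beacon", 11: "Authentication"}
MAC_HDR_LEN = 24     # frame control, duration, 3 addresses, sequence control
ASSOC_FIXED_LEN = 4  # capability info (2) + listen interval (2)

def classify(frame):
    """Return (type, subtype) from the Frame Control field, or None if too short."""
    if len(frame) < 2:
        return None
    return (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF

def check_assoc_request(frame):
    """Return a list of structural problems; an empty list means well-formed."""
    if classify(frame) != (0, 0):  # management type 0, subtype 0
        return ["not an Association Request"]
    if len(frame) < MAC_HDR_LEN + ASSOC_FIXED_LEN:
        return ["truncated before fixed fields"]
    problems, seen_ssid = [], False
    pos = MAC_HDR_LEN + ASSOC_FIXED_LEN
    while pos < len(frame):  # walk the ID/length/value elements
        if pos + 2 > len(frame):
            return problems + [f"dangling byte at offset {pos}"]
        eid, elen = frame[pos], frame[pos + 1]
        if pos + 2 + elen > len(frame):
            return problems + [f"element {eid} length {elen} overruns frame"]
        if eid == 0:
            seen_ssid = True
            if elen > 32:
                problems.append("SSID longer than 32 bytes")
        pos += 2 + elen
    if not seen_ssid:
        problems.append("no SSID element")
    return problems

def _hdr(subtype):
    """Constructed management header with locally administered addresses."""
    addr = bytes.fromhex("020000000001")
    return bytes([subtype << 4, 0]) + b"\x00\x00" + addr * 3 + b"\x00\x00"

# Constructed samples: generic structural cases, not the undisclosed trigger.
FIXED = struct.pack("<HH", 0x0001, 10)
GOOD = _hdr(0) + FIXED + b"\x00\x04test" + b"\x01\x02\x82\x84"
BAD = _hdr(0) + FIXED + b"\x00\x20test"  # SSID claims 32 bytes, 4 present
BEACON = _hdr(8)

if __name__ == "__main__":
    for name, f in (("GOOD", GOOD), ("BAD", BAD), ("BEACON", BEACON)):
        print(name, MGMT_SUBTYPES.get(classify(f)[1]), check_assoc_request(f))
```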
CHARACTERISTICS
– Identifiers: AID-102609, VIGILANCE-VUL-9127
– URL: http://vigilance.fr/vulnerability/ArubaOS-denial-of-service-via-802-11-Association-Request-9127