Vigil@nce: ArubaOS, denial of service via EAP
December 2008 by Vigil@nce
An attacker can send a malicious EAP frame in order to create a
denial of service in Aruba Mobility Controller.
– Gravity: 2/4
– Consequences: denial of service
– Provenance: radio connection
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/12/2008
IMPACTED PRODUCTS
– Aruba Networks ArubaOS
DESCRIPTION
The Extensible Authentication Protocol (EAP) is used for standard
or wireless (802.11 with WPA and WPA2 Enterprise) authentication.
When Aruba Mobility Controller receives a malicious EAP frame, the
current process stops. Technical details are unknown.
A new process is then started automatically, so the denial of
service is temporary.
An attacker can therefore send a malicious EAP frame in order to
create a denial of service in Aruba Mobility Controller.
CHARACTERISTICS
– Identifiers: AID-12808, BID-32694, VIGILANCE-VUL-8298
– Url: http://vigilance.fr/vulnerability/8298