Details of VAR-200702-0267

ID

VAR-200702-0267

CVE

CVE-2007-0931

TITLE

Aruba Mobility Controller vulnerable to privilege escalation

Trust: 0.8

sources: CERT/CC: VU#613833

DESCRIPTION

Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings. The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Aruba Mobility Controller is prone to multiple vulnerabilities that may lead to authentication bypass, remote code execution, denial-of-service conditions. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. 2) An error in the guest account authentication process within the Captive Portal can be exploited to e.g. gain access to administrative sections without specifying a password. SOLUTION: Update to the latest patched firmware version. https://support.arubanetworks.com PROVIDED AND/OR DISCOVERED BY: John Munther and Maxim Salomon, n.runs AG ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 3.51

sources: NVD: CVE-2007-0931 // CERT/CC: VU#613833 // CERT/CC: VU#319913 // JVNDB: JVNDB-2007-001567 // BID: 22538 // VULHUB: VHN-24293 // PACKETSTORM: 54377

AFFECTED PRODUCTS

vendor:	aruba	model:	mobility controller	scope:	eq	version:	200	Trust: 2.4
vendor:	aruba	model:	mobility controller	scope:	eq	version:	800	Trust: 2.4
vendor:	aruba	model:	mobility controller	scope:	eq	version:	2400	Trust: 2.4
vendor:	aruba	model:	-	scope:	-	version:	-	Trust: 1.6
vendor:	aruba	model:	mobility controller	scope:	eq	version:	6000	Trust: 1.6
vendor:	alcatel lucent	model:	omniaccess wireless	scope:	eq	version:	6000	Trust: 1.0
vendor:	alcatel lucent	model:	omniaccess wireless	scope:	eq	version:	43xx	Trust: 1.0
vendor:	alcatel lucent	model:	omniaccess wireless	scope:	eq	version:	43xx and 6000	Trust: 0.8
vendor:	aruba	model:	mobility controller	scope:	eq	version:	and 6000	Trust: 0.8
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	2.0	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	800	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	6000	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	6.1.2.6	Trust: 0.3
vendor:	aruba	model:	networks aruba mobility controller	scope:	eq	version:	2400	Trust: 0.3
vendor:	alcatel lucent	model:	omniaccess wireless	scope:	eq	version:	60000	Trust: 0.3
vendor:	alcatel lucent	model:	omniaccess wireless	scope:	eq	version:	43xx0	Trust: 0.3

sources: CERT/CC: VU#613833 // CERT/CC: VU#319913 // BID: 22538 // JVNDB: JVNDB-2007-001567 // CNNVD: CNNVD-200702-305 // NVD: CVE-2007-0931

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0931
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#613833
value:	4.68
Trust: 0.8
CARNEGIE MELLON:	VU#319913
value:	6.42
Trust: 0.8
NVD:	CVE-2007-0931
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200702-305
value:	HIGH
Trust: 0.6
VULHUB:	VHN-24293
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0931
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-24293
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#613833 // CERT/CC: VU#319913 // VULHUB: VHN-24293 // JVNDB: JVNDB-2007-001567 // CNNVD: CNNVD-200702-305 // NVD: CVE-2007-0931

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0931

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-305

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200702-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001567

PATCH

title:	Top Page	url:	http://www.alcatel-lucent.com/	Trust: 0.8
title:	Top Page	url:	http://www.arubanetworks.com/	Trust: 0.8

sources: JVNDB: JVNDB-2007-001567

EXTERNAL IDS

db:	SECUNIA	id:	24144	Trust: 3.4
db:	NVD	id:	CVE-2007-0931	Trust: 2.8
db:	CERT/CC	id:	VU#319913	Trust: 2.5
db:	BID	id:	22538	Trust: 2.0
db:	OSVDB	id:	33184	Trust: 1.7
db:	SREASON	id:	2244	Trust: 1.7
db:	CERT/CC	id:	VU#613833	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-001567	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-305	Trust: 0.7
db:	XF	id:	32459	Trust: 0.6
db:	FULLDISC	id:	20070213 ARUBA MOBILITY CONTROLLER MANAGEMENT BUFFER OVERFLOW	Trust: 0.6
db:	BUGTRAQ	id:	20070213 ARUBA MOBILITY CONTROLLER MANAGEMENT BUFFER OVERFLOW	Trust: 0.6
db:	VULHUB	id:	VHN-24293	Trust: 0.1
db:	PACKETSTORM	id:	54377	Trust: 0.1

sources: CERT/CC: VU#613833 // CERT/CC: VU#319913 // VULHUB: VHN-24293 // BID: 22538 // JVNDB: JVNDB-2007-001567 // PACKETSTORM: 54377 // CNNVD: CNNVD-200702-305 // NVD: CVE-2007-0931

REFERENCES

url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-february/052380.html	Trust: 2.6
url:	http://secunia.com/advisories/24144/	Trust: 1.7
url:	http://www.securityfocus.com/bid/22538	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/319913	Trust: 1.7
url:	http://osvdb.org/33184	Trust: 1.7
url:	http://secunia.com/advisories/24144	Trust: 1.7
url:	http://securityreason.com/securityalert/2244	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/459928/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/32459	Trust: 1.1
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-february/052382.html	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0931	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0931	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/32459	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/459928/100/0/threaded	Trust: 0.6
url:	http://www.arubanetworks.com/	Trust: 0.3
url:	https://support.arubanetworks.com/	Trust: 0.3
url:	/archive/1/459928	Trust: 0.3
url:	/archive/1/459927	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/13472/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/software_inspector/	Trust: 0.1
url:	http://secunia.com/product/13471/	Trust: 0.1
url:	https://support.arubanetworks.com	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/13473/	Trust: 0.1
url:	http://secunia.com/product/13474/	Trust: 0.1

CREDITS

Jan Mnther , Maxim Salomon <n.runs>

Trust: 0.6

sources: CNNVD: CNNVD-200702-305

SOURCES

db:	CERT/CC	id:	VU#613833
db:	CERT/CC	id:	VU#319913
db:	VULHUB	id:	VHN-24293
db:	BID	id:	22538
db:	JVNDB	id:	JVNDB-2007-001567
db:	PACKETSTORM	id:	54377
db:	CNNVD	id:	CNNVD-200702-305
db:	NVD	id:	CVE-2007-0931

LAST UPDATE DATE

2025-04-10T23:01:22.271000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#613833	date:	2007-02-13T00:00:00
db:	CERT/CC	id:	VU#319913	date:	2007-02-13T00:00:00
db:	VULHUB	id:	VHN-24293	date:	2018-10-16T00:00:00
db:	BID	id:	22538	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-001567	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200702-305	date:	2007-08-03T00:00:00
db:	NVD	id:	CVE-2007-0931	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#613833	date:	2007-02-13T00:00:00
db:	CERT/CC	id:	VU#319913	date:	2007-02-13T00:00:00
db:	VULHUB	id:	VHN-24293	date:	2007-02-14T00:00:00
db:	BID	id:	22538	date:	2007-02-13T00:00:00
db:	JVNDB	id:	JVNDB-2007-001567	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	54377	date:	2007-02-14T19:41:53
db:	CNNVD	id:	CNNVD-200702-305	date:	2007-02-14T00:00:00
db:	NVD	id:	CVE-2007-0931	date:	2007-02-14T11:28:00