-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2016-001
CVE: CVE-2015-7547
Publication Date: 2016-02-18
Status: Confirmed
Revision: 2

Title
=====

glibc getaddrinfo() Stack-Based Buffer Overflow

Overview
========

A security vulnerability in the GNU C Library (glibc) is having a broad
impact across the IT product vendor community. Aruba Networks products are
affected by this vulnerability, and multiple software updates will be
released. The original announcement can be found at:

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

Affected Products
=================

-- ClearPass versions prior to, but not including, 6.5.6 and 6.6
-- AirWave (all versions)
-- Aruba 7xxx controllers running ArubaOS versions prior to, but not
   including, 6.3.1.21, 6.4.2.16, 6.4.3.7, and 6.4.4.5
-- Cloud products (Activate, Central)

Unaffected Products
===================

-- Aruba Instant
-- Aruba VIA
-- Aruba 6xx, 3xxx, M3, and other legacy Mobility Controllers (all
   software versions)
-- Mobility Access Switches

Details
=======

An attacker who is able to answer DNS queries from an affected Aruba
product could craft a response in a way that may cause the software to
crash. Whether a software crash would be fatal to the overall functionality
of the product is still under investigation. Google has internally
demonstrated remote code execution based on this vulnerability; attacks
that achieve remote code execution generally must be highly customized to
the specific target application. The potential for remote code execution
within affected Aruba products is currently unknown.

Workarounds
===========

The vulnerability is triggered through receipt of a maliciously crafted DNS
response. The following measures may provide mitigation against attacks:

1. Tightly control which DNS servers Aruba products are allowed to
   communicate with. Configure those DNS servers to limit responses to
   less than 2048 bytes for TCP and 512 bytes for UDP.

2. Prevent man-in-the-middle attacks between Aruba products and DNS
   servers by employing physical and network security best practices.

Resolution
==========

The vulnerability will be addressed in the following versions:

-- ArubaOS 6.3.1.21, 6.4.2.16, 6.4.3.7, and 6.4.4.5
-- ClearPass 6.5.6 and 6.6
-- AirWave may be updated immediately by logging into a root shell and
   running "yum update glibc". AirWave patches will also be published.
-- Cloud-based products are in the process of being updated

Obtaining Fixed Software
========================

Aruba customers can obtain software updates on the support website:

http://support.arubanetworks.com

Aruba Support contacts are as follows:

+1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)

The full contact list is at:
//www.nexbus-cng.com/support-services/support-program/contact-support/

e-mail: support(at)arubanetworks.com

Please do not contact "sirt(at)arubanetworks.com" for software upgrades.

Revision History
================

Revision 1.0 / 2016-Feb-18 / Initial release
Revision 1.1 / 2016-Feb-19 / Updated to include ArubaOS 6.3

Aruba SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in Aruba
Networks products and obtaining assistance with security incidents is
available at:

//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use
of PGP encryption. Our public keys can be found at:

//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2016 by Aruba, a Hewlett Packard Enterprise company

This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWx1aSAAoJEJj+CcpFhYbZACEH+gLbrWXZ+kpqxIYMX388GcqA
0luq2IwX8wlp0KaCysKVvJnHnPyDQWMLQ4Ji0juBkISyzTP7W848OysOkpi9bC+x
ERVW49L3Tj1m+Nlc9cdEZuOMwQUSj3ItZsRiLBkXVpcig6+TFVbXctUPnzc+DDKX
McpuTkBGYHtzjZzIL8dNV4oegx2fD6MJsxfiLQtLgQ78cElObuYgsMeqzYElcSW2
uZvYW6HrXRU5hRhnYEeb/CNqgbxKcGVYye8CofMfZCPjUPPeTa4ItnPxoAznorRg
VBlA3h86ehMRezzye+TFDyqC/xPP6TTzd0Fb5L18aUOT43ZYrt1FVzzNSekLhsI=
=TSim
-----END PGP SIGNATURE-----
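The response-size control described in the Workarounds section, as an added example that is not part of Aruba's advisory: a Python screen that applies the advisory's thresholds to DNS reply payloads before they reach a glibc getaddrinfo() client. The wire-format message builder, the sample replies and the function names are constructed here for the example. The advisory's wording is interpreted as an inclusive 512-byte bound for UDP (the RFC 1035 maximum for a non-EDNS reply) and a strict "less than 2048" bound for TCP, measured on the message body after the 2-byte TCP length prefix; that interpretation is an assumption of this example, not something the advisory states.

```python
"""Size-based screening of DNS responses, following the advisory's
Workarounds section. Added example, not Aruba code."""
import struct

# Thresholds taken from the advisory's workaround text. A classic
# (non-EDNS) UDP response may legitimately be exactly 512 bytes, so the
# UDP bound is treated as inclusive; the TCP bound is "less than 2048".
MAX_UDP_RESPONSE = 512
MAX_TCP_RESPONSE = 2048


def encode_name(qname):
    """Encode a dotted name as RFC 1035 labels (no compression)."""
    labels = qname.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_a_response(txid, qname, answers, flags=0x8180, ttl=60):
    """Construct a DNS message answering an A query for `qname` with one
    A record per IPv4 string in `answers`. Constructed test data, not a
    captured packet. flags=0x8180 is a plain response (QR=1, RD=1, RA=1)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rrs = b""
    for ip in answers:
        rdata = bytes(int(octet) for octet in ip.split("."))
        # 0xC00C: compression pointer to the owner name at offset 12 (the question)
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rrs


def tcp_frame(msg):
    """Prefix a DNS message with the 2-byte length used on TCP (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg):
    """Return the fixed 12-byte DNS header as a dict."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def screen_response(transport, payload):
    """Decide whether a DNS reply received over `transport` ("udp" or "tcp")
    is within the advisory's size limits. Returns (accept, reason)."""
    transport = transport.lower()
    if transport == "tcp":
        if len(payload) < 2:
            return False, "missing TCP length prefix"
        declared = struct.unpack("!H", payload[:2])[0]
        body = payload[2:]
        if declared != len(body):
            # A prefix that disagrees with the bytes on the wire is never legitimate.
            return False, f"TCP length prefix {declared} != body {len(body)}"
        ok = len(body) < MAX_TCP_RESPONSE
        limit = f"< {MAX_TCP_RESPONSE}"
    elif transport == "udp":
        body = payload
        ok = len(body) <= MAX_UDP_RESPONSE
        limit = f"<= {MAX_UDP_RESPONSE}"
    else:
        raise ValueError(f"unknown transport {transport!r}")
    try:
        hdr = parse_header(body)
    except ValueError as exc:
        return False, str(exc)
    if not hdr["is_response"]:
        return False, "QR bit clear: not a response"
    if not ok:
        return False, f"{transport} body {len(body)} bytes exceeds {limit}"
    return True, f"{transport} body {len(body)} bytes within {limit}, {hdr['ancount']} answers"


if __name__ == "__main__":
    small = build_a_response(0x1234, "example.com", ["192.0.2.1"])
    big = build_a_response(0x1234, "example.com",
                           ["192.0.2.%d" % i for i in range(1, 131)])
    for transport, msg in (("udp", small), ("udp", big), ("tcp", tcp_frame(big))):
        print(transport, *screen_response(transport, msg))
```

The check is meant to sit on a forwarding resolver or inline filter between the products and the DNS servers they are permitted to reach (workaround 1), so that an oversized reply is dropped rather than handed to the vulnerable resolver code; it says nothing about the contents of the reply, only its size and framing, which is exactly the property the workaround relies on.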