Aruba Product Security Advisory
===============================

Advisory ID: ARUBA-PSA-2016-006
CVE: N/A
Publication Date: 2016-May-04
Status: Confirmed
Revision: 1

Title
=====
ArubaOS PAPI Vulnerabilities

Overview
========
This advisory alerts customers that the PAPI protocol is not a secure
protocol. While this information has been disclosed previously, an upcoming
public disclosure by the Google Security Team (focused on Aruba Instant)
will point out details of the protocol's vulnerabilities and bring them to
the attention of the attacker community.

Affected Products
=================
  - ArubaOS (all versions)

Details
=======

PAPI Protocol is Insecure
===========================
Aruba products, including ArubaOS, use the PAPI protocol for a variety of
management and control functions. By default, ArubaOS uses PAPI encapsulated
in IPsec for these functions - this feature is known as "CPsec" or "Control
Plane Security". However, some uses of PAPI remain unprotected. In addition,
some customers choose to disable CPsec, since it is a configurable feature.

The PAPI protocol contains a number of unremediated flaws, including:

  - MD5 message digests are not properly validated upon receipt
  - The PAPI encryption protocol is weak
  - All Aruba devices use a common static key for message validation

A companion document called "Control Plane Security Best Practices" has been
published, and contains a full explanation of how PAPI is used and the
potential risks of exposure. The latest update to this document is posted on
http://support.arubanetworks.com under the Announcements tab (login is
required).

Resolution
==========
Please see the companion document "Control Plane Security Best Practices",
which is posted on http://support.arubanetworks.com under the Announcements
tab (login is required). This document contains full details. Depending on
network configuration and risk tolerance, no action may be required.

Revision History
================
Revision 1 / 2016-May-04 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks
products and obtaining assistance with security incidents is available at:

  //www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to
sirt(at)arubanetworks.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:

  //www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2016 by Aruba, a Hewlett Packard Enterprise company

This advisory may be redistributed freely after the release date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
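Added example, not part of Aruba's advisory and not the PAPI wire format (which this advisory does not describe): a simplified model of why a digest keyed with one static key common to all devices cannot tell a receiver which device sent a message, next to per-device HMAC-SHA256 keys that can. The key values, device names and message layout are constructed assumptions.

```python
import hashlib
import hmac

# Constructed values for illustration only; not real Aruba key material.
FLEET_KEY = b"constructed-fleet-wide-key"
DEVICE_KEYS = {
    "ap-01": b"constructed-key-for-ap-01",
    "ap-02": b"constructed-key-for-ap-02",
}


def weak_tag(sender: str, payload: bytes) -> bytes:
    """Weak model: MD5 keyed with one static key that every device holds."""
    return hashlib.md5(FLEET_KEY + sender.encode() + payload).digest()


def weak_verify(sender: str, payload: bytes, tag: bytes) -> bool:
    # Proves only that *some* holder of the fleet key produced the tag.
    return hmac.compare_digest(weak_tag(sender, payload), tag)


def strong_tag(key: bytes, sender: str, payload: bytes) -> bytes:
    """Hardened model: HMAC-SHA256 with a key unique to the sending device."""
    return hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).digest()


def strong_verify(sender: str, payload: bytes, tag: bytes) -> bool:
    key = DEVICE_KEYS.get(sender)
    if key is None:  # unknown sender: reject instead of falling back to a shared key
        return False
    return hmac.compare_digest(strong_tag(key, sender, payload), tag)


def compare_designs() -> dict:
    """A message labelled 'ap-01' but tagged with key material held by ap-02."""
    payload = b"constructed-control-message"
    return {
        # ap-02 holds the same fleet key, so its tag verifies as ap-01.
        "weak_accepts_mislabelled": weak_verify("ap-01", payload, weak_tag("ap-01", payload)),
        # ap-02's own key does not verify under ap-01's identity.
        "strong_accepts_mislabelled": strong_verify(
            "ap-01", payload, strong_tag(DEVICE_KEYS["ap-02"], "ap-01", payload)),
        "strong_accepts_genuine": strong_verify(
            "ap-01", payload, strong_tag(DEVICE_KEYS["ap-01"], "ap-01", payload)),
    }


if __name__ == "__main__":
    print(compare_designs())
```

This models only the message-validation point; the advisory's own mitigation for ArubaOS is IPsec encapsulation of PAPI (CPsec), described in the companion document.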