-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Wireless Networks Security Advisory Title: SSH tunneling allowed through Aruba devices Aruba Advisory ID: AID-06142005 Revision: 1.0 For Public Release on 06/14/2005 at 5:00 (GMT)参考:- ----------------------------------------------------------------------- 摘要SSH隧道(端口转发)通过阿鲁巴岛设备是被允许的。产品和固件版本受影响硬件:所有Aruba无线网络设备受影响软件:Aruba无线网络软件版本2.2.0.0到2.4.0.0受影响详细信息安全shell或SSH既是一个程序，也是一个网络协议，用于登录和执行远程设备上的命令。它的目的是在网络上的两台主机之间提供安全的加密通信。然而，SSH协议还包含一个特性，允许通过第三台主机创建本地和远程隧道，从host1到host2。影响Aruba设备的问题是管理用户可能通过交换机建立SSH远程隧道。影响用户可以通过交换机将任何类型的流量通过SSH隧道传输到远端设备。解决方案固件版本2.2.5.3 build 10513, 2.3.4.12 build 10533和2.4.0.4 build 10563以及更高版本包含此问题的修复。获得固定固件阿鲁巴客户可以在支持网站上获得固件。阿鲁巴的支持联系方式如下:1-800-WiFiLAN(1-800-943-4526)(北美地区免费)+1-408-754-1200(世界任何地方的长途电话)电子邮件:Support (at)arubanetworks.com web: //www.nexbus-cng.com/support Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades. EXPLOITATION AND PUBLIC ANNOUNCEMENTS This vulnerability will be announced at //www.nexbus-cng.com/support/wsirt/alerts/aid-06142005.asc STATUS OF THIS NOTICE: Final Although Aruba Wireless networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Wireless Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Wireless Networks may update this advisory. A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. DISTRIBUTION OF THIS ANNOUCEMENT This advisory will be posted on Aruba's website at //www.nexbus-cng.com/support/wsirt/alerts/aid-06142005.asc Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. REVISION HISTORY Revision 1.0 /06-14-2005 / Initial release ARUBA WSIRT SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Aruba Wireless Networks products, obtaining assistance with security incidents is available at //www.nexbus-cng.com/support/wsirt.php For reporting *NEW* Aruba Wireless Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at //www.nexbus-cng.com/support/wsirt.php (c) Copyright 2005 by Aruba Wireless Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGeFmgp6KijA4qefURAsmNAJ92yQd/CBvMPbrDPOQXa6qnC76zpACgyAGr gwzA/V6KIAQoCIuYtomc9R8= =kw59 -----END PGP SIGNATURE-----