Hash: SHA1

----------------------------------------------------------------------
Aruba Wireless Networks Security Advisory

Title: ISC DHCPD contains a stack buffer overflow vulnerability in
       handling log lines containing ASCII characters
Aruba Advisory ID: AID-06142004
Revision: 1.0
For public release at 19:00 (GMT)
References: CAN-2004-0460 / CERT Vulnerability Note VU#317350
----------------------------------------------------------------------

SUMMARY

A specially crafted DHCP packet causes a stack overflow in the Internet Software Consortium (ISC) DHCPD server. Aruba Networks products are not affected by this vulnerability.

PRODUCTS AND FIRMWARE VERSIONS AFFECTED

Hardware: No Aruba Wireless Networks platforms are affected
Software: No available Aruba releases are affected

DETAILS

This issue could cause a stack overflow and eventual crash of machines running ISC. While it is not known whether the overflow can be used to execute arbitrary code, this should not cause a problem for Aruba Wireless Networks products, as they are not affected by the packets described in the CERT notice.

IMPACT

None.

WORKAROUNDS

No workarounds need to be implemented.

SOLUTION

Aruba products were tested against this possible attack and are not vulnerable to it.

OBTAINING FIXED FIRMWARES

There is no special firmware needed to address the issue described above.

Aruba Support contacts are as follows:

1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)
+1-408-754-1200 (toll call from anywhere in the world)
e-mail: support(at)arubanetworks.com
web: //www.nexbus-cng.com/support

Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades.

EXPLOITATION AND PUBLIC ANNOUNCEMENTS

This vulnerability will be announced at http://www.kb.cert.org/vuls

STATUS OF THIS NOTICE: Final

Although Aruba Wireless Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Wireless Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Wireless Networks may update this advisory.

A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

DISTRIBUTION OF THIS ANNOUNCEMENT

This advisory will be posted on Aruba's website at
//www.nexbus-cng.com/support/wsirt/alerts/AID-06142004.asc

In addition to worldwide web posting, a text version of this notice is clear-signed with the Aruba WSIRT PGP key and is posted to the following e-mail recipients.

* cert@cert.org

Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates.

REVISION HISTORY

Revision 1.0 / 06-14-2004 / Initial release

ARUBA WSIRT SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Aruba Wireless Networks products and obtaining assistance with security incidents is available at
//www.nexbus-cng.com/support/wsirt.php

For reporting *NEW* Aruba Wireless Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at
//www.nexbus-cng.com/support/wsirt.php

(c) Copyright 2004 by Aruba Wireless Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGeFnnp6KijA4qefURAqf9AJ98OhPwPwbMiNiJ02ak/93idGlWtwCfVqGq
YbjyY28czX9nfBURbz83Nh0=
=2wzN
-----END PGP SIGNATURE-----