Description
Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.
Affected products
- Alcatel-Lucent / omniaccess_wireless43xx – 43xx
- Alcatel-Lucent / omniaccess_wireless6000 – 6000
- Aruba / mobility_controller200 – 200
- Aruba / mobility_controller800 – 800
- Aruba / mobility_controller2400 – 2400
- Aruba / mobility_controller6000 – 6000
References
- MISChttp://www.securityfocus.com/archive/1/459928/100/0/threaded
- MISChttp://www.kb.cert.org/vuls/id/319913
- VENDOR_ADVISORYhttp://secunia.com/advisories/24144
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/32459
- MISChttp://www.securityfocus.com/bid/22538
- MISChttp://osvdb.org/33184
- MISChttp://securityreason.com/securityalert/2244
- MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html