CVE-2009-3836

Description

ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the Aruba Mobility Controller allows remote attackers to cause a denial of service (Access Point crash) via a malformed 802.11 Association Request management frame.

Affected products

• arubanetworks / aruba_mobility_controller
• arubanetworks / arubaos3.3.1.16 – 3.3.1.16
• arubanetworks / arubaos3.3.1.29 – 3.3.1.29
• arubanetworks / arubaos3.3.1.30 – 3.3.1.30
• arubanetworks / arubaos3.1.1 – 3.1.1
• arubanetworks / arubaos3.3.2.14 – 3.3.2.14
• arubanetworks / arubaos3.4.0 – 3.4.0
• arubanetworks / arubaos3.3.2.6 – 3.3.2.6

References

• MISChttp://www.arubanetworks.com/support/alerts/aid-102609.asc
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3051
• MISChttp://www.securityfocus.com/bid/36832
• VENDOR_ADVISORYhttp://secunia.com/advisories/37085