SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco Wireless LAN Controller Vendors:   Cisco
Cisco Wireless LAN Controller ARP Processing Lets Remote Users Deny Service
SecurityTracker Alert ID:  1018444
SecurityTracker URL:  http://securitytracker.com/id/1018444
CVE Reference:   CVE-2007-4011, CVE-2007-4012   (Links to External Site)
Updated:  Apr 24 2008
Original Entry Date:  Jul 24 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.2 and prior versions, 4.0, 4.1
Description:   Several vulnerabilities were reported in Cisco Wireless LAN Controller. A remote user can cause denial of service conditions.

The device does not properly process certain Address Resolution Protocol (ARP) requests. A remote user can send an ARP request to trigger an ARP packet storm.

This may be triggered when two devices attached to the same set of Layer-2 VLANs each have a context for the wireless client (which can occur after a cross-subnet roam or when guest WLAN [auto-anchor] is configured).

The following hardware platforms may be affected:

Cisco 4100 Series Wireless LAN Controllers
Cisco 4400 Series Wireless LAN Controllers
Cisco Airespace 4000 Series Wireless LAN Controller
Cisco Catalyst 6500 Series Wireless Services Module (WiSM)
Cisco Catalyst 3750 Series Integrated Wireless LAN Controllers

Cisco has assigned Cisco Bug IDs CSCsj69233, CSCsj50374, and CSCsj70841 to these vulnerabilities.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix.

The Cisco advisory is available at:

http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml

Vendor URL:  www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml (Links to External Site)
Cause:   State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC