RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's Heart bleed vulnerability - CVE-2014-0160
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 RUCKUS ADVISORY ID 041414 Customer release date: April 14, 2014 Public release date: April 14, 2014 TITLE OpenSSL 1.0.1 library's Heart bleed vulnerability - CVE-2014-0160 SUMMARY OpenSSL library is used in Ruckus products to implement various security related features. A vulnerability has been discovered in OpenSSL library which may allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. An exploit could disclose portions of memory containing sensitive security material such as passwords and private keys. AFFECTED SOFTWARE VERSIONS AND DEVICES DeviceAffected software - - -- Smart Cell Gateway 1.1.x SmartCell Access Points NOT AFFECTED ZoneDirector Controllers NOT AFFECTED ZoneFlex Access Points NOT AFFECTED Any products or services not mentioned in the table above are not affected DETAILS A vulnerability has been discovered in the popular OpenSSL cryptographic software library. This weakness exists in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). This vulnerability is due to a missing bounds check in implementation of the handling of the heartbeat extension. When exploited, this issue may lead to leak of memory contents from the server to the client and from the client to the server. These memory contents could contain sensitive security material such as passwords and private keys. IMPACT Ruckus devices incorporate OpenSSL library to implement various security related features. Below is list of the affected components: - - Administrative HTTPS Interface (Port 8443) CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N) WORKAROUNDS Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following suggestions might help reduce the risk: - Do not expose administrative interfaces of Ruckus devices to untrusted networks such as the Internet. - Use a firewall to limit traffic to/from Ruckus device's administrative interface to trusted hosts. SOLUTION Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. The following software builds have the fix (any later builds will also have the fix): BranchSoftware Build - ----- 1.1.x1.1.2.0.142 DISCOVERY This vulnerability was disclosed online on various sources : - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 - - https://www.openssl.org/news/secadv_20140407.txt - - http://heartbleed.com/ OBTAINING FIXED FIRMWARE Ruckus customers can contact Ruckus support to obtain the fixed firmware Ruckus Support contact list is at: https://support.ruckuswireless.com/contact-us PUBLIC ANNOUNCEMENTS This security advisory will be made available for public consumption on April 14, 2014 at the following source Ruckus Website http://www.ruckuswireless.com/security SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 Future updates of this advisory, if any, will be placed on Ruckus's website, but may or may not be actively announced on mailing lists. REVISION HISTORY Revision 1.0 / 14th April 2014 / Initial release RUCKUS WIRELESS SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Ruckus Wireless products, obtaining assistance with security incidents is available at http://www.ruckuswireless.com/security For reporting new security issues, email can be sent to security(at)ruckuswireless.com For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.ruckuswireless.com/security STATUS OF THIS NOTICE: Final Although Ruckus cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Ruckus does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Ruckus may update this advisory. (c) Copyright 2014 by Ruckus Wireless This advisory may be redistributed freely after the public release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJTTBeuAAoJEFH6g5RLqzh1fRsIAJ9MtudIbdzR7mm/hP0i7boN MqlHAnFWai1c99UX048I9PSwWzWuEj4/1E4jy4vQqxLG8gO0YbAQiGq4DDGErCU0 AywV+p3Xlcn0SXp0vse/qnhOT0jVOOKXPZSokmoptQXbd28ZOYtGfMJozTvPh2vf
RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 RUCKUS ADVISORY ID 10282013 Customer release date: Oct 28, 2013 Public release date: Nov 28, 2013 TITLE User authentication bypass vulnerability in Ruckus Access Point's administrative web interface SUMMARY An user authentication bypass vulnerability has been discovered in Ruckus Access Point's administrative web interface. This vulnerability may allow a malicious user to gain unauthorized access to the administrative web interface. AFFECTED SOFTWARE VERSIONS AND DEVICES DeviceAffected software - ---- ZoneFlex Access Points9.5.x, 9.6.x Any products not mentioned in the table above are not affected DETAILS A weakness has been discovered in the administrative web interface of the Ruckus Access Point devices. A malicious user with network access to the device's web interface may obtain unauthorized access and perform administrative actions via the web interface. The user does not have to be authenticated to the web interface for this attack to be successful. This issue does not affect any other Ruckus devices besides Ruckus Access Point devices. IMPACT A malicious user with network access to the administrative web interface of the Ruckus Access Point device may obtain unauthorized access and perform administrative actions via this interface. CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) WORKAROUNDS Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following suggestions might help reduce the risk: - Do not expose management interfaces of Ruckus devices (including administrative web interface) to untrusted networks such as the Internet. - Use a firewall to limit traffic to/from Ruckus Access Point's administrative web interface to trusted hosts. SOLUTION Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any later patches will also have the fix): BranchSoftware Patch - - ----- 9.5.x9.5.3.0.44MR 9.6.x9.6.1.0.15MR CREDITS This vulnerability was discovered and responsibly disclosed to Ruckus Wireless by multiple sources: - - - David Peters of Ansecurity - - - Neil Lines of Nettitude Group This issue has also been reported to CERT and NVD by a third party without informing Ruckus Wireless. http://www.kb.cert.org/vuls/id/742932 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5030 OBTAINING FIXED FIRMWARE Ruckus customers can obtain the fixed firmware from the support website at https://support.ruckuswireless.com/ Ruckus Support can be contacted as follows: 1-855-RUCKUS1 (1-855-782-5871) (United States) The full contact list is at: https://support.ruckuswireless.com/contact-us PUBLIC ANNOUNCEMENTS This security advisory is strictly confidential and will be made available for public consumption on Nov 28, 2013 at the following source Ruckus Website http://www.ruckuswireless.com/security SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 Future updates of this advisory, if any, will be placed on Ruckus's website, but may or may not be actively announced on mailing lists. REVISION HISTORY Revision 1.0 / 28th Nov 2013 / Initial release RUCKUS WIRELESS SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Ruckus Wireless products, obtaining assistance with security incidents is available at http://www.ruckuswireless.com/security For reporting new security issues, email can be sent to security(at)ruckuswireless.com For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.ruckuswireless.com/security STATUS OF THIS NOTICE: Final Although Ruckus cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Ruckus does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Ruckus may update this advisory. (c) Copyright 2013 by Ruckus Wireless This advisory may be redistributed freely after the public release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJSlnB/AAoJEFH6g5RLqzh1hoUIAMooTly+eiCi+xXnb5u7U9mW /HrBYdf6ayAIllwtBtbdeWCJd8bpxMeJzYdOY21zNQMWmUzkIREUtMqJRlHrOflT EVqQc67b+SPyGb46nKUoMe8IkYw0ZT/HBWAqbkD1CZqaXR9aPbfKvdksbQvWhXks
Fwd: RUCKUS ADVISORY ID 111113-2: Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi BugTraq, I posted the below mail to bugtraq@securityfocus.com yesterday and it has not been published yet. Can you please check up on it for me. Thanks so very much. Regards Robbie Gill - Original Message Subject: RUCKUS ADVISORY ID 13-2: Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers Date: Mon, 11 Nov 2013 16:49:04 -0800 From: Ruckus Product Security Team secur...@ruckuswireless.com To: bugtraq@securityfocus.com bugtraq@securityfocus.com RUCKUS ADVISORY ID 13-2 Customer release date: Sep 9, 2013 Public release date: Nov 11, 2013 TITLE Authenticated persistent cross site scripting vulnerability in guest pass provisioning web interface on ZoneDirector controllers SUMMARY A persistent cross site scripting vulnerability has been discovered in guest pass provisioning web interface on ZoneDirector controllers (ZD). For launching this attack, the attacker needs access to an authenticated user session with privileges for guest pass generation. AFFECTED SOFTWARE VERSIONS AND DEVICES DeviceAffected software - ---- ZoneDirector Controllers 9.3.x, 9.4.x, 9.5.x, 9.6.x Any products not mentioned in the table above are not affected DETAILS A persistent cross site scripting weakness has been discovered in the guest pass provisioning web interface of the ZoneDirector controller devices. An attacker with access to an authenticated user session with privileges for guest pass generation may cause certain malicious javascript code to execute in the user's browser with privileges of the user or the admin. The pre-requisite of this attack is that attacker has access to an authenticated user session with privileges for guest pass generation on the ZD. This issue does not affect any other Ruckus devices besides ZoneDirector controllers. IMPACT An attacker with access to an authenticated user session with privileges for guest pass generation may cause certain malicious javascript code to execute in the user's browser with privileges of the user or the admin. CVSS v2 BASE METRIC SCORE: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N) WORKAROUNDS Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical for mitigating this attack. However, in the event that a patch cannot immediately be applied, the following suggestions might help reduce the risk: - - - Only launch web sessions to ZD's guest pass provisioning interface from trusted hosts with no connectivity to untrusted networks such as the Internet while the session is active. - Do not expose ZD's guest pass provisioning interface to untrusted networks such as the Internet. - Use a firewall to limit traffic to/from ZoneDirector's guest pass provisioning web interface to trusted hosts. SOLUTION Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any later patches will also have the fix): BranchSoftware Patch - - ---- 9.3.x9.3.4.0.21 9.4.x9.4.3.0.22 9.5.x9.5.2.0.15 9.6.x9.6.1.0.15 CREDITS This vulnerability was reported by Erik van Eijk of Dutch Forensic Institute, Netherlands. OBTAINING FIXED FIRMWARE Ruckus customers can obtain the fixed firmware from the support website at https://support.ruckuswireless.com/ Ruckus Support can be contacted as follows: 1-855-RUCKUS1 (1-855-782-5871) (United States) The full contact list is at: https://support.ruckuswireless.com/contact-us PUBLIC ANNOUNCEMENTS This security advisory is strictly confidential and will be made available for public consumption in approximately 60 days on Nov 11, 2013 at the following source Ruckus Website http://www.ruckuswireless.com/security SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 Future updates of this advisory, if any, will be placed on Ruckus's website, but may or may not be actively announced on mailing lists. REVISION HISTORY Revision 1.0 / 9th Sep 2013 / Initial release RUCKUS WIRELESS SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Ruckus Wireless products, obtaining assistance with security incidents is available at http://www.ruckuswireless.com/security For reporting new security issues, email can be sent to security(at)ruckuswireless.com For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.ruckuswireless.com/security STATUS OF THIS NOTICE: Final Although Ruckus cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Ruckus does not anticipate issuing updated versions of this advisory unless there is some material change
RUCKUS ADVISORY ID 031813-1: Unauthenticated TCP tunneling on Ruckus devices via SSH server process
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 RUCKUS ADVISORY ID 031813-1 Customer release date: March 25, 2013 Public release date: May 27, 2013 TITLE Unauthenticated TCP tunneling on Ruckus devices via SSH server process SUMMARY An user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices. AFFECTED SOFTWARE VERSIONS AND DEVICES DeviceAffected software branches - --- ZoneDirector Controllers9.2.x, 9.3.x, 9.4.x, 9.5.x ZoneFlex Access Points9.2.x, 9.3.x, 9.4.x, 9.5.x, 1.x.x SmartCell Access Points1.x.x Smart Cell GatewayNOT AFFECTED Any products not mentioned in the table above are not affected DETAILS Ruckus allows for SSH connectivity to its devices for debuggability and maintenance reasons. It was discovered that a malicious user could abuse the TCP tunneling feature of the SSH daemon on Ruckus devices to proxy random TCP streams through the Ruckus devices. The user does not have to be authenticated to the Ruckus device for requesting and establishing such a tunnel. Once tunnel is established, the user's TCP stream would be carried over SSH to the Ruckus device, which would forward the traffic to an IP and port of the user's choosing. IMPACT An unauthenticated malicious user may be able to establish a SSH forwarding tunnel to a Ruckus device and use this tunnel to forward random TCP streams to other hosts in connectivity with the Ruckus device. SSH daemon is enabled by default on Ruckus devices. CVSS v2 BASE METRIC SCORE: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CHECK IF YOU ARE VULNERABLE - Malicious user requires network access to port 22 on the target Ruckus device to carry out this attack. - Smart Cell Gateway is NOT affected by this issue. WORKAROUNDS Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk: - Do not expose management interfaces of Ruckus devices (including SSH access) to untrusted networks such as the Internet. - Use a firewall to limit SSH traffic to/from Ruckus devices to trusted hosts. - If limiting SSH access is not possible, an extreme workaround is to disable SSH access to the Ruckus device via a firewall in the path or via the HTTPS Web Interface of the device itself. SOLUTION Ruckus recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any later patches will also have the fix): BranchSoftware Patch - --- 9.2.xZF7731_9.2.0.0.168 9.3.x9.3.4.0.17 9.4.x9.4.3.0.16 9.5.x9.5.1.0.50 1.x.x1.1.1 OBTAINING FIXED FIRMWARE Ruckus customers can obtain the fixed firmware from the support website at https://support.ruckuswireless.com/ Ruckus Support can be contacted as follows: 1-855-RUCKUS1 (1-855-782-5871) (United States) e-mail: support at ruckuswireless.com The full contact list is at: https://support.ruckuswireless.com/contact-us PUBLIC ANNOUNCEMENTS This security advisory is strictly confidential and will be made available for public consumption in approximately 60 days on 27th May 2013 at the following source Ruckus Website http://www.ruckuswireless.com/security SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 Future updates of this advisory, if any, will be placed on Ruckus's website, but may or may not be actively announced on mailing lists. REVISION HISTORY Revision 1.0 / 25th March 2013 / Initial release RUCKUS WIRELESS SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Ruckus Wireless products, obtaining assistance with security incidents is available at http://www.ruckuswireless.com/security For reporting new security issues, email can be sent to security(at)ruckuswireless.com For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.ruckuswireless.com/security STATUS OF THIS NOTICE: Final Although Ruckus cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Ruckus does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Ruckus may update this advisory. (c) Copyright 2013 by Ruckus Wireless This advisory may be redistributed freely after the public release date given at the top of the text, provided that redistributed copies are