Home > Security News > Cisco issues warning for wireless LAN controller flaws
Security News:
EMAIL THIS LICENSING & REPRINTS

Cisco issues warning for wireless LAN controller flaws

By Robert Westervelt, News Editor
24 Jul 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Cisco Systems Inc. issued an advisory today warning customers of several vulnerabilities in its wireless LAN controllers that could be exploited remotely to conduct a denial of service attack.

The Cisco 4100 and 4400 series wireless LAN controllers are affected as well as its Airespace 4000 series, its Catalyst 3750 series integrated wireless LAN controllers and its Catalyst 6500 series wireless services module (WiSM), according to the advisory, Cisco issued today.

The issue first came to light during a series of incidents at Duke University last week, when the Durham, N.C. school experienced temporary disruptions to its wireless network.

"Those conditions involve our deployment of a very large Cisco-based wireless network that supports multiple network protocols," said Tracy Futhey, Duke's chief information officer in a statement issued last week.

Futhey said Cisco provided a fix which was applied to Duke's network and there have been no recurrences of the problem since.

Cisco wireless LANs are used in homes and businesses to allow devices to communicate without being connected to a network with a cable. The problems are associated with the address resolution protocol (ARP), which provides a mapping between a device's IP address and its hardware address on the local network. The controllers contain flaws when "processing unicast ARP traffic where a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group." An attacker does not need to authenticate to exploit the vulnerability, Cisco said.

A software patch will be issued for the affected devices on July 27 for versions 3.2 and 4.0 of the devices. An update for version 4.1 is now available from Cisco. As a workaround, "Cisco recommends that operators require all clients to obtain their IP addresses from a DHCP server. To enforce this requirement, all WLANs can be configured with a DHCP Required setting, which disallows client static IP addresses."

Cisco will release software updates for versions 3.2 and 4.0 of the controller software on July 27.



Sound Off! -   Be the first to post a message to Sound Off!


Tags: Wireless LAN ArchitectureVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts