Jul 24, 2007 (01:07 PM EDT)
Cisco Warns Of Bugs In Wireless LAN Controllers

Read the Original Article at InformationWeek

Cisco Systems released a security advisory on Tuesday afternoon to address several vulnerabilities in its Wireless LAN Controllers that could enable hackers to cause a denial-of-service on the affected network.

The flaws lie in the handling of Address Resolution Protocol (ARP) packets. The advisory noted that a unicast ARP request may be flooded on the LAN links between Wireless LAN Controllers in a mobility group. A vulnerable WLC may mishandle unicast ARP requests from a wireless client, leading to an ARP storm.

The bugs affect versions 4.1, 4.0, 3.2, and prior versions of the Wireless LAN Controller software, according to the advisory.

The protocol provides a mapping between a device's IP address and its hardware address on the local network. And the Cisco Wireless LAN Controllers provide real-time communication between lightweight access points and other wireless LAN controllers for centralized system-wide WLAN configuration and management functions, according to Cisco.

As a workaround, Cisco is recommending that operators require all clients to obtain their IP addresses from a DHCP server. A DHCP, or Dynamic Host Configuration Protocol. is a set of rules used to allow a device to obtain an IP address from a server. To enforce the workaround, all WLANs can be configured with a DHCP Required setting, which disallows client static IP addresses, Cisco noted. If DHCP Required is selected, clients must obtain an IP address via DHCP. Any client with a static IP address will not be allowed on the network. The controller monitors DHCP traffic because it acts as a DHCP proxy for the clients.

Earlier this month, Cisco released two security bulletins to warn IT managers about vulnerabilities in its Unified Communications Manager. In one advisory, Cisco noted the Unified Communications Manager, which used to be known as CallManager, contained two overflow vulnerabilities. The flaws, according to the company, could enable a remote, unauthenticated hacker to execute arbitrary and malicious code or cause a denial-of-service.