TITLE
Packet Injection Vulnerability on 802.11n MAC Frame Aggregation

DESCRIPTION

WHAT IS THE ISSUE?
A potential vulnerability in the 802.11n MAC Frame Aggregation feature was disclosed recently. Attackers can potentially use it to inject frames into wireless networks, using the Packet-In-Packet technique to exploit the frame aggregation mechanism introduced in the 802.11n standard.

This is a flaw in the design of the 802.11n aggregation protocol and is not specific to Ruckus. It impacts all 802.11n implementations.

The vulnerability has an easy workaround: enabling encryption on the wireless network prevents it from being exploited. Ruckus will work with WiFi silicon vendors and provide additional checks through firmware updates if required in the future. The best defense is enabling encryption.

DO I NEED TO CHECK IF I AM VULNERABLE?
The Packet Injection Vulnerability is a design flaw. It was identified in a technical paper published at "ACM WiSec 2015: 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks", http://www.sigsac.org/wisec/WiSec2015/.

There is no need to run any specific tests to check if you are vulnerable. The probability of success for this attack, as calculated by the paper referenced above, is 1 in 4K frames. Ruckus recommends enabling encryption on the wireless network to protect against this vulnerability.

HOW DOES RUCKUS WIRELESS QUALIFY SEVERITY OF SECURITY ISSUES?
Ruckus Wireless utilizes the Common Vulnerability Scoring System (CVSS) v2. This rating system is a vendor-agnostic, open industry standard designed to convey vulnerability severity and help determine urgency and priority of response. This particular issue has not yet been reported and rated under CVSS.

WHEN WILL THIS RUCKUS WIRELESS SECURITY ADVISORY BE PUBLICLY POSTED?
Ruckus Wireless released the initial security advisory to Ruckus field teams on: 7-17-2015
Ruckus Wireless released the initial security advisory to customers on: 7-17-2015
Public posting: 7-17-2015

Ruckus Support can be contacted as follows:
The full contact list is at: https://support.ruckuswireless.com/contact-us

REVISION HISTORY
Revision 1.0 / 17th July 2015 / Initial release (internal)

RUCKUS WIRELESS SECURITY PROCEDURES
Complete information on reporting security vulnerabilities in Ruckus Wireless products and obtaining assistance with security incidents is available at: http://www.ruckuswireless.com/security

For reporting new security issues, email can be sent to security(at)ruckuswireless.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.ruckuswireless.com/security

STATUS OF THIS NOTICE: Final
Although Ruckus cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Ruckus does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Ruckus may update this advisory.

(c) Copyright 2015 by Ruckus Wireless
This advisory may be redistributed freely after the public release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information.
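ADDED EXAMPLE (not part of the Ruckus advisory, and not Ruckus code): the advisory's mitigation is to enable encryption on 802.11n networks, so one way to audit a site is to list the networks that advertise 802.11n (HT capabilities) with no encryption. The sketch below assumes the text format printed by the Linux "iw dev <interface> scan" command; the sample scan is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `iw dev wlan0 scan` output (not captured from a real network).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tcapability: ESS ShortSlotTime (0x0401)
\tSSID: guest-open
\tHT capabilities:
BSS 02:00:00:00:00:02(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: corp-wpa2
\tRSN:\t * Version: 1
\tHT capabilities:
BSS 02:00:00:00:00:03(on wlan0)
\tcapability: ESS ShortPreamble (0x0021)
\tSSID: legacy-open
"""

# A new record starts at an unindented "BSS <mac>" line.
BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

def parse_scan(text):
    """Split scan output into per-BSS records with the fields the audit needs."""
    records, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "ht": False, "encrypted": False}
            records.append(cur)
            continue
        if cur is None:
            continue
        field = line.strip()
        if field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("HT capabilities:"):   # 802.11n advertised
            cur["ht"] = True
        elif field.startswith(("RSN:", "WPA:")):      # WPA2 / WPA element present
            cur["encrypted"] = True
        elif field.startswith("capability:") and "Privacy" in field.split():
            cur["encrypted"] = True                   # Privacy bit set
    return records

def open_80211n_networks(text):
    """Return BSSs that advertise 802.11n (HT) but no encryption."""
    return [r for r in parse_scan(text) if r["ht"] and not r["encrypted"]]

if __name__ == "__main__":
    for r in open_80211n_networks(SAMPLE_SCAN):
        print(f"{r['bssid']}  {r['ssid']!r}: 802.11n enabled, no encryption")
```

In the constructed sample only "guest-open" is reported: "corp-wpa2" is encrypted, and "legacy-open" does not advertise 802.11n, so it falls outside the scope of this advisory.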