[security bulletin] HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and Switches, OSPF Remote Information Disclosure and Denial of Service

2013-08-1200:00:00

vulners.com

JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03880910

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03880910
Version: 1

HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and
Switches, OSPF Remote Information Disclosure and Denial of Service

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2013-08-08
Last Updated: 2013-08-08

Potential Security Impact: Remote information disclosure and denial of
service

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Networking
Products including 3COM and H3C routers and switches. The vulnerabilities
could be remotely exploited resulting in disclosure of information and denial
of service.

References: CVE-2013-4806 (CERT VU#229804 SSRT101224)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score
CVE-2013-4806 (AV:N/AC:M/Au:S/C:P/I:N/A:C) 7

         Information on CVSS is documented
        in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has made the following software updates available to resolve the
vulnerabilities in the following products:

Fixed Version
HP Branded Products Impacted
H3C Branded Products Impacted
3Com Branded Products Impacted

R5000_3.14p14
JD935A HP 5012 Router
JD943A HP 5232 Router
JD944A HP 5642 Router
JD945A HP Router 5642 TAA
JD946A HP 5682 Router
N/A
3Com Router 5642 TAA (3C13755TAA)
3Com Router 5012 (3C13701)
3Com Router 5232 (3C13751)
3Com Router 5642 (3C13755)
3Com Router 5682 (3C13759)

R301X_1.40.23
JD916A HP 3012 Router
JD919A HP 3018 Router
N/A
3Com Router 3012 (3C13612)
3Com Router 3018 (3C13618)

S5600_3.10.R1702P39
JD391A HP S5600-50C Ethernet Switch
JD392A HP S5600-50C-PWR Ethernet Switch
JD393A HP S5600-26C Ethernet Switch
JD394A HP S5600-26C-PWR Ethernet Switch
JD395A HP S5600-26F Ethernet Switch
H3C S5600-26C Ethernet Switch (0235A11F)
H3C S5600-26C-PWR Ethernet Switch (0235A11G)
H3C S5600-26F Ethernet Switch (0235A11H)
H3C S5600-50C Ethernet Switch (0235A11D)
H3C S5600-50C-PWR Ethernet Switch (0235A11E)
N/A

E5500G_03.03.02p19
JE088A HP E5500-24G Switch
JE089A HP E5500-24G Switch (TAA)
JE090A HP E5500-48G Switch
JE091A HP E5500-48G Switch (TAA)
JE092A HP E5500-24G-PoE Switch
JE093A HP E5500-24G-PoE Switch (TAA)
JE094A HP E5500-48G-PoE Switch
JE095A HP E5500-48G-PoE Switch (TAA)
JE096A HP E5500-24G-SFP Switch
JE097A HP E5500-24G-SPF Switch (TAA)
JF551A HP SS4 SWITCH 5500G-EI 24PT (no psu)
JF552A HP SS4 SWITCH 5500G-EI 48PT(no psu)
JF553A HP SS4 5500G-EI 24 PORT
SFP (no psu)
N/A
3Com SS4 5500G-EI 24 Port SFP (NO PSU) (3CR17259-91)
3Com SS4 Switch 5500G-EI 24PT (NO PSU) (3CR17254-91)
3Com SS4 Switch 5500G-EI 48PT (NO PSU) (3CR17255-91)
3Com Switch 5500G-EI 24 Port (3CR17250-91)
3Com Switch 5500G-EI 48-Port (3CR17251-91)
3Com Switch 5500G-EI PWR 24-Port (3CR17252-91)
3Com Switch 5500G-EI PWR 48-Port (3CR17253-91)
3Com Switch 5500G-EI SFP 24-Port (3CR17258-91)
3Com TAA Compliant 5500G-EI 24-Port (3CR17250TAA-91)
3Com TAA Compliant 5500G-EI 48-Port (3CR17251TAA-91)
3Com TAA Compliant 5500G-EI PWR 24P (3CR17252TAA-91)
3Com TAA Compliant 5500G-EI PWR 48P (3CR17253TAA-91)
3Com TAA Compliant 5500G-EI SFP 24P (3CR17258TAA-91)

E5500_03.03.02p19
JE099A HP E5500-24 SI Switch
JE100A HP E5500-48 SI Switch
JE101A HP E5500-24 Switch
JE102A HP E5500-24 Switch (TAA)
JE103A HP E5500-48 Switch
JE104A HP E5500-48 Switch (TAA)
JE105A HP E5500-24-PoE Switch
JE106A HP E5500-24-PoE Switch (TAA)
JE107A HP E5500-48-PoE Switch
JE108A HP E5500-48-PoE Switch (TAA)
JE109A HP E5500-24-SFP Switch,
JE110A HP E5500-24-SPF Switch (TAA)
N/A
3Com SS4 Switch 5500-SI 28 Port (3CR17151-91)
3Com SS4 Switch 5500-SI 52 Port (3CR17152-91)
3Com Switch 5500-EI 28-Port (3CR17161-91)
3Com Switch 5500-EI 28-Port FX (3CR17181-91) 3Com Switch 5500-EI 52-Port
(3CR17162-91)
3Com Switch 5500-EI PWR 28-Port (3CR17171-91) 3Com Switch 5500-EI PWR 52-Port
(3CR17172-91)
3Com TAA Switch 5500-EI 28-Port (3CR17161TAA-91)
3Com TAA Switch 5500-EI 28-Port FX (3CR17181TAA-91)
3Com TAA Switch 5500-EI 52-Port (3CR17162TAA-91)
3Com TAA Switch 5500-EI PWR 28-Port (3CR17171TAA-91)
3Com TAA Switch 5500-EI PWR 52-Port (3CR17172TAA-91)

S3600.EI_3.10.R1702P34
JD326A HP 3600-24-PoE EI Switch
JD328A HP 3600-48-PoE EI Switch
JD331A HP 3600-24 EI Switch
JD333A HP 3600-48 EI Switch
JD334A HP 3600-24-SFP EI Switch
H3C S3600-28F-EI - model LS-3600-28F-EI-OVS (0235A10L)
H3C S3600-28P-EI - model LS-3600-28P-EI-OVS (0235A10H)
H3C S3600-28P-PWR-EI - model LS-3600-28P-PWR-EI-OVS (0235A10C)
H3C S3600-52P-EI - model LS-3600-52P-EI-OVS (0235A10K)
H3C S3600-52P-PWR-EI - model LS-3600-52P-PWR-EI-OVS (0235A10E)
N/A

E.11.38
J4850A HP ProCurve Switch 5304xl
J8166A HP ProCurve Switch 5304xl-32G
J4819A HP ProCurve Switch 5308xl
J8167A HP ProCurve Switch 5308xl-48G
J4849A HP ProCurve Switch 5348xl
J4849B HP ProCurve Switch 5348xl
J4848A HP ProCurve Switch 5372xl
J4848B HP ProCurve Switch 5372xl

N/A
N/A

M.10.99
J4906A HP E3400-48G cl Switch
J4905A HP ProCurve Switch 3400cl-24G
N/A
N/A

M.08.140
J8433A HP 6400-6XG CL Switch J8474A HP 6410-6XG CL Switch
N/A
N/A

HISTORY
Version:1 (rev.1) - 8 August 2013 Initial Release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to [email protected].

Report: To report a potential security vulnerability with any HP supported
product, send Email to: [email protected]

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlIDpdwACgkQ4B86/C0qfVldlwCcDDroDhqjX0UVp4i8jVvizBGx
XcQAnjFZJnhpwE7xpI1wxQZ1tdrFvaGL
=Q4Dh
-----END PGP SIGNATURE-----