exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

HP Security Bulletin HPSBHF02912

HP Security Bulletin HPSBHF02912
Posted Aug 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02912 - Potential security vulnerabilities have been identified with HP Networking Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and denial of service. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4806
SHA-256 | d03c9b169146e0687bb59aaab2fe47550ed986257cae1e3086ec8b1ef4ab08e9

HP Security Bulletin HPSBHF02912

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03880910

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c03880910
Version: 1

HPSBHF02912 rev.1 - HP Networking Products including H3C and 3COM Routers and
Switches, OSPF Remote Information Disclosure and Denial of Service

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2013-08-08
Last Updated: 2013-08-08

Potential Security Impact: Remote information disclosure and denial of
service

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Networking
Products including 3COM and H3C routers and switches. The vulnerabilities
could be remotely exploited resulting in disclosure of information and denial
of service.

References: CVE-2013-4806 (CERT VU#229804 SSRT101224)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Please refer to the RESOLUTION
section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-4806 (AV:N/AC:M/Au:S/C:P/I:N/A:C) 7
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION
HP has made the following software updates available to resolve the
vulnerabilities in the following products:

Fixed Version
HP Branded Products Impacted
H3C Branded Products Impacted
3Com Branded Products Impacted

R5000_3.14p14
JD935A HP 5012 Router
JD943A HP 5232 Router
JD944A HP 5642 Router
JD945A HP Router 5642 TAA
JD946A HP 5682 Router
N/A
3Com Router 5642 TAA (3C13755TAA)
3Com Router 5012 (3C13701)
3Com Router 5232 (3C13751)
3Com Router 5642 (3C13755)
3Com Router 5682 (3C13759)

R301X_1.40.23
JD916A HP 3012 Router
JD919A HP 3018 Router
N/A
3Com Router 3012 (3C13612)
3Com Router 3018 (3C13618)

S5600_3.10.R1702P39
JD391A HP S5600-50C Ethernet Switch
JD392A HP S5600-50C-PWR Ethernet Switch
JD393A HP S5600-26C Ethernet Switch
JD394A HP S5600-26C-PWR Ethernet Switch
JD395A HP S5600-26F Ethernet Switch
H3C S5600-26C Ethernet Switch (0235A11F)
H3C S5600-26C-PWR Ethernet Switch (0235A11G)
H3C S5600-26F Ethernet Switch (0235A11H)
H3C S5600-50C Ethernet Switch (0235A11D)
H3C S5600-50C-PWR Ethernet Switch (0235A11E)
N/A

E5500G_03.03.02p19
JE088A HP E5500-24G Switch
JE089A HP E5500-24G Switch (TAA)
JE090A HP E5500-48G Switch
JE091A HP E5500-48G Switch (TAA)
JE092A HP E5500-24G-PoE Switch
JE093A HP E5500-24G-PoE Switch (TAA)
JE094A HP E5500-48G-PoE Switch
JE095A HP E5500-48G-PoE Switch (TAA)
JE096A HP E5500-24G-SFP Switch
JE097A HP E5500-24G-SPF Switch (TAA)
JF551A HP SS4 SWITCH 5500G-EI 24PT (no psu)
JF552A HP SS4 SWITCH 5500G-EI 48PT(no psu)
JF553A HP SS4 5500G-EI 24 PORT
SFP (no psu)
N/A
3Com SS4 5500G-EI 24 Port SFP (NO PSU) (3CR17259-91)
3Com SS4 Switch 5500G-EI 24PT (NO PSU) (3CR17254-91)
3Com SS4 Switch 5500G-EI 48PT (NO PSU) (3CR17255-91)
3Com Switch 5500G-EI 24 Port (3CR17250-91)
3Com Switch 5500G-EI 48-Port (3CR17251-91)
3Com Switch 5500G-EI PWR 24-Port (3CR17252-91)
3Com Switch 5500G-EI PWR 48-Port (3CR17253-91)
3Com Switch 5500G-EI SFP 24-Port (3CR17258-91)
3Com TAA Compliant 5500G-EI 24-Port (3CR17250TAA-91)
3Com TAA Compliant 5500G-EI 48-Port (3CR17251TAA-91)
3Com TAA Compliant 5500G-EI PWR 24P (3CR17252TAA-91)
3Com TAA Compliant 5500G-EI PWR 48P (3CR17253TAA-91)
3Com TAA Compliant 5500G-EI SFP 24P (3CR17258TAA-91)

E5500_03.03.02p19
JE099A HP E5500-24 SI Switch
JE100A HP E5500-48 SI Switch
JE101A HP E5500-24 Switch
JE102A HP E5500-24 Switch (TAA)
JE103A HP E5500-48 Switch
JE104A HP E5500-48 Switch (TAA)
JE105A HP E5500-24-PoE Switch
JE106A HP E5500-24-PoE Switch (TAA)
JE107A HP E5500-48-PoE Switch
JE108A HP E5500-48-PoE Switch (TAA)
JE109A HP E5500-24-SFP Switch,
JE110A HP E5500-24-SPF Switch (TAA)
N/A
3Com SS4 Switch 5500-SI 28 Port (3CR17151-91)
3Com SS4 Switch 5500-SI 52 Port (3CR17152-91)
3Com Switch 5500-EI 28-Port (3CR17161-91)
3Com Switch 5500-EI 28-Port FX (3CR17181-91) 3Com Switch 5500-EI 52-Port
(3CR17162-91)
3Com Switch 5500-EI PWR 28-Port (3CR17171-91) 3Com Switch 5500-EI PWR 52-Port
(3CR17172-91)
3Com TAA Switch 5500-EI 28-Port (3CR17161TAA-91)
3Com TAA Switch 5500-EI 28-Port FX (3CR17181TAA-91)
3Com TAA Switch 5500-EI 52-Port (3CR17162TAA-91)
3Com TAA Switch 5500-EI PWR 28-Port (3CR17171TAA-91)
3Com TAA Switch 5500-EI PWR 52-Port (3CR17172TAA-91)

S3600.EI_3.10.R1702P34
JD326A HP 3600-24-PoE EI Switch
JD328A HP 3600-48-PoE EI Switch
JD331A HP 3600-24 EI Switch
JD333A HP 3600-48 EI Switch
JD334A HP 3600-24-SFP EI Switch
H3C S3600-28F-EI - model LS-3600-28F-EI-OVS (0235A10L)
H3C S3600-28P-EI - model LS-3600-28P-EI-OVS (0235A10H)
H3C S3600-28P-PWR-EI - model LS-3600-28P-PWR-EI-OVS (0235A10C)
H3C S3600-52P-EI - model LS-3600-52P-EI-OVS (0235A10K)
H3C S3600-52P-PWR-EI - model LS-3600-52P-PWR-EI-OVS (0235A10E)
N/A

E.11.38
J4850A HP ProCurve Switch 5304xl
J8166A HP ProCurve Switch 5304xl-32G
J4819A HP ProCurve Switch 5308xl
J8167A HP ProCurve Switch 5308xl-48G
J4849A HP ProCurve Switch 5348xl
J4849B HP ProCurve Switch 5348xl
J4848A HP ProCurve Switch 5372xl
J4848B HP ProCurve Switch 5372xl

N/A
N/A

M.10.99
J4906A HP E3400-48G cl Switch
J4905A HP ProCurve Switch 3400cl-24G
N/A
N/A

M.08.140
J8433A HP 6400-6XG CL Switch J8474A HP 6410-6XG CL Switch
N/A
N/A

HISTORY
Version:1 (rev.1) - 8 August 2013 Initial Release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlIDpdwACgkQ4B86/C0qfVldlwCcDDroDhqjX0UVp4i8jVvizBGx
XcQAnjFZJnhpwE7xpI1wxQZ1tdrFvaGL
=Q4Dh
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close