SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   HPE ProCurve Switch Vendors:   HPE
HP ProCurve Switch Can Be Crashed By Remote Users Attempting to Set a Particular SNMP Write Variable
SecurityTracker Alert ID:  1004861
SecurityTracker URL:  http://securitytracker.com/id/1004861
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 27 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): HP J4121A ProCurve Switch 4000M revision C.07.23, ROM C.06.01
Description:   A denial of service vulnerability was reported in HP's ProCure 4000M switch (J4121A). A remote user can cause the switch to crash.

Phenoelit Group reported that a remote user can attempt to write an SNMP variable with 85 characters to cause the switch to crash the next time that a remote user connects to the Telnet or HTTP port. The affected SNMP variable is:

.iso.3.6.1.4.1.11.2.36.1.1.2.1.0

A demonstration exploit example is provided:

linux# snmpwrite <switch_ip> private .iso.3.6.1.4.1.11.2.36.1.1.2.1.0 \
s `perl -e 'print "A"x85;'`

The vendor has reportedly been notified.

Impact:   A remote user can cause the switch to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.hp.com/rnd/index.htm (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Phenoelit Advisory 0815 ++ /+ HP ProCurve


--------------070407060100070909000705
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


-- 
            kim0   <kim0@phenoelit.de>
        Phenoelit (http://www.phenoelit.de)
90C0 969C EC71 01DC 36A0  FBEF 2D72 33C0 77FC CD42

--------------070407060100070909000705
Content-Type: text/plain;
 name="HP_ProCurve.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="HP_ProCurve.txt"

Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-+->

[ Authors ]
	FX		<fx@phenoelit.de>
	kim0 		<kim0@phenoelit.de>	
	Zet 		<zet@darklab.org>

	Phenoelit Group	(http://www.phenoelit.de)
	Advisory	http://www.phenoelit.de/stuff/HP_ProCurve.txt

[ Affected Products ]
	Hewlett Packard (HP)  
			ProCurve Switch

	Tested on
			HP J4121A ProCurve Switch 4000M
			revision C.07.23, ROM C.06.01

	HP Bug ID: 	Not assigned

[ Vendor communication ]
        06/29/02        Initial Notification, security-alert@hp.com
                        *Note-Initial notification by phenoelit
                        includes a cc to cert@cert.org by default
        06/29/02        RBL blocked delivery to security-alert@hp.com
        06/29/02        Creation of ho-mail account and resend
        07/29/02        Auto-responder reply
        07/02/02        Human confirmation, PGP exchange and ack.
        07/19/02        Notification of intent to post publically in
                        apx. 7 days.
	07/23/02	Coordination for release date/times

[ Overview ]
	HP ProCurve Switches are the current offering in the switch market from 
	Hewlett Packard.  
	
[ Description ]
	SNMP variable accessible by SNMP WRITE with 85 characters crashes the 
	ProCurve Switch upon next connect to the TELNET or HTTP Port
	(.iso.3.6.1.4.1.11.2.36.1.1.2.1.0)
	
[ Example ]
	linux# snmpwrite <switch_ip> private .iso.3.6.1.4.1.11.2.36.1.1.2.1.0 \
		s `perl -e 'print "A"x85;'`

[ Solution ]
	None known at this time. 


[ end of file ]



--------------070407060100070909000705--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC