ID

VAR-200608-0223


CVE

CVE-2006-4015


TITLE

HP ProCurve Service disruption in switches (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-001923

DESCRIPTION

Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors. ProCurve is prone to an unspecified remote denial-of-service vulnerability. This issue is most likely due to a failure in the device to properly sanitize user-supplied input. An attacker can exploit this issue to crash an affected device, effectively denying service to legitimate users. This issue affects ProCurve switches running software prior to K.11.33. Remote attackers can cause the switch to deny service by sending specially crafted packets.

----------------------------------------------------------------------

TITLE: HP ProCurve Switch Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA21316

VERIFY ADVISORY: http://secunia.com/advisories/21316/

CRITICAL: Less critical

IMPACT: DoS

WHERE: From local network

OPERATING SYSTEM:
HP ProCurve Switch 3500yl series http://secunia.com/product/11225/
HP ProCurve Switch 5400zl series http://secunia.com/product/11226/
HP ProCurve Switch 6200yl series http://secunia.com/product/11227/

DESCRIPTION: A vulnerability has been reported in HP ProCurve Switch, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability has been reported in the following products:
* ProCurve Switch 3500yl series
* ProCurve Switch 6200yl series
* ProCurve Switch 5400zl series

SOLUTION: Update switch software to version K.11.33 or later. http://www.hp.com/rnd/software/switches.htm

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: HPSBGN02136 SSRT061173: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00732233

Trust: 2.07

sources: NVD: CVE-2006-4015 // JVNDB: JVNDB-2006-001923 // BID: 19310 // VULHUB: VHN-20123 // PACKETSTORM: 48806

AFFECTED PRODUCTS

vendor: hp, model: procurve switch 6200yl, scope: eq, version: k.11.32

Trust: 1.6

vendor: hp, model: procurve switch 3500yl, scope: lte, version: k.11.32

Trust: 1.0

vendor: hp, model: procurve switch 5400zl, scope: lte, version: k.11.32

Trust: 1.0

vendor: hewlett packard, model: procurve switch 6200yl, scope: -, version: -

Trust: 0.8

vendor: hewlett packard, model: hp 5400 zl switch series, scope: eq, version: k.11.33

Trust: 0.8

vendor: hewlett packard, model: hp 5400 zl switch series, scope: lt, version: 5400zl

Trust: 0.8

vendor: hewlett packard, model: procurve switch 3500yl, scope: -, version: -

Trust: 0.8

vendor: hp, model: procurve switch 5400zl, scope: eq, version: k.11.32

Trust: 0.6

vendor: hp, model: procurve switch 3500yl, scope: eq, version: k.11.32

Trust: 0.6

vendor: hp, model: procurve switch 6200yl, scope: eq, version: 0

Trust: 0.3

vendor: hp, model: procurve switch 5400zl, scope: eq, version: 0

Trust: 0.3

vendor: hp, model: procurve switch 3500yl, scope: eq, version: 0

Trust: 0.3

sources: BID: 19310 // JVNDB: JVNDB-2006-001923 // CNNVD: CNNVD-200608-080 // NVD: CVE-2006-4015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4015
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-4015
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200608-080
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20123
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-4015
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20123
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20123 // JVNDB: JVNDB-2006-001923 // CNNVD: CNNVD-200608-080 // NVD: CVE-2006-4015

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200608-080

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200608-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001923

PATCH

title: HP Security Notice HPSN-2011-001
url: https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Dc00732233%25257CdocLocale%25253Den&

Trust: 0.8

sources: JVNDB: JVNDB-2006-001923

EXTERNAL IDS

db: NVD, id: CVE-2006-4015

Trust: 2.5

db: BID, id: 19310

Trust: 2.0

db: SECUNIA, id: 21316

Trust: 1.8

db: SREASON, id: 1335

Trust: 1.7

db: SECTRACK, id: 1016623

Trust: 1.7

db: VUPEN, id: ADV-2006-3136

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001923

Trust: 0.8

db: CNNVD, id: CNNVD-200608-080

Trust: 0.7

db: HP, id: SSRT061173

Trust: 0.6

db: VULHUB, id: VHN-20123

Trust: 0.1

db: PACKETSTORM, id: 48806

Trust: 0.1

sources: VULHUB: VHN-20123 // BID: 19310 // JVNDB: JVNDB-2006-001923 // PACKETSTORM: 48806 // CNNVD: CNNVD-200608-080 // NVD: CVE-2006-4015

REFERENCES

url:http://www.securityfocus.com/bid/19310

Trust: 1.7

url:http://securitytracker.com/id?1016623

Trust: 1.7

url:http://secunia.com/advisories/21316

Trust: 1.7

url:http://securityreason.com/securityalert/1335

Trust: 1.7

url:http://www.securityfocus.com/archive/1/442033/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/3136

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4015

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4015

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/442033/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/3136

Trust: 0.6

url:http://www.hp.com/rnd/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/21316/

Trust: 0.1

url:http://secunia.com/product/11226/

Trust: 0.1

url:http://www.hp.com/rnd/software/switches.htm

Trust: 0.1

url:http://itrc.hp.com/service/cki/docdisplay.do?docid=c00732233

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/product/11225/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/11227/

Trust: 0.1

sources: VULHUB: VHN-20123 // BID: 19310 // JVNDB: JVNDB-2006-001923 // PACKETSTORM: 48806 // CNNVD: CNNVD-200608-080 // NVD: CVE-2006-4015

CREDITS

HP Security Bulletin security-alert@hp.com

Trust: 0.6

sources: CNNVD: CNNVD-200608-080

SOURCES

db: VULHUB, id: VHN-20123
db: BID, id: 19310
db: JVNDB, id: JVNDB-2006-001923
db: PACKETSTORM, id: 48806
db: CNNVD, id: CNNVD-200608-080
db: NVD, id: CVE-2006-4015

LAST UPDATE DATE

2024-08-14T14:00:14.131000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-20123, date: 2018-10-17T00:00:00
db: BID, id: 19310, date: 2006-08-03T15:51:00
db: JVNDB, id: JVNDB-2006-001923, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200608-080, date: 2007-05-07T00:00:00
db: NVD, id: CVE-2006-4015, date: 2018-10-17T21:32:49.927

SOURCES RELEASE DATE

db: VULHUB, id: VHN-20123, date: 2006-08-07T00:00:00
db: BID, id: 19310, date: 2006-08-02T00:00:00
db: JVNDB, id: JVNDB-2006-001923, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 48806, date: 2006-08-10T00:40:54
db: CNNVD, id: CNNVD-200608-080, date: 2006-08-07T00:00:00
db: NVD, id: CVE-2006-4015, date: 2006-08-07T19:04:00