Summary
Reference
Document ID: KM02992663 (c01179938)
Version: 1
Release Date: 2004-05-18
Last Updated: 2007-10-02
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP ProCurve Routing Switches running TCP which could be exploited remotely to cause a Denial of Service (DoS).
References: NISCC 236929, CVE CAN-2004-0230, CERT TA04-111A, HPSBMI01041
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ProCurve Routing Switch 9315M, 9308M, 9304M and all managed HP EtherTwist, HP AdvanceStack and HP ProCurve devices.
BACKGROUND
For a PGP signed version of this security bulletin please write to: security-alert@hp.com
Note: This Security Bulletin has been re-released with a new document number but without alteration of content. The purpose of this new number and re-release is to assure the document is available on all customer accessible databases.
This information is applicable for the following security vulnerability alerts:
NISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP
US-CERT Technical Cyber Security Alert TA04-111A Vulnerabilities in TCP
CVE name CAN-2004-0230
The industry standard TCP specification (RFC793) has a vulnerability whereby established TCP connections can be reset by an attacker. The TCP stack that is part of the software used in managed HP EtherTwist, HP AdvanceStack and HP ProCurve devices is in conformance with this specification, and therefore contains this potential vulnerability. The TCP connections that are affected due to this situation are only those terminating on these devices, not those passing through these devices.
HP ProCurve Routing Switch 9315M, 9308M, and 9304M which have BGP functionality can experience a Denial of Service, the duration of which would be the time needed by the device to rebuild routing tables.
TCP sessions, including Telnet, SSH, SFTP and HTTP on all managed HP EtherTwist, HP AdvanceStack and HP ProCurve devices may be disconnected without warning. TCP sessions that have been disconnected can be re-established.
RESOLUTION
For the HP ProCurve Routing Switch 9315M, 9308M, and 9304M, the BGP technology can be protected by using the MD5 hash protection feature. HP recommends that our BGP customers implement MD5 protection as soon as possible to protect their connections against this type of attack.
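What MD5 protection checks on each incoming segment, as an added Python example (not HP's code): it assumes the feature is the TCP MD5 Signature Option of RFC 2385 and models segment fields rather than parsing wire bytes. The addresses, ports, key and helper names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass
from typing import Optional

TCP_PROTO = 6
RST, ACK = 0x04, 0x10
HDR_LEN = 40  # 20-byte header + 18-byte MD5 option (kind 19) + 2 bytes padding

@dataclass
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    payload: bytes = b""
    window: int = 16384
    md5: Optional[bytes] = None  # digest carried in the option, if any

def rfc2385_digest(seg, key):
    """MD5 over pseudo-header, TCP header without options (checksum 0), data, key."""
    pseudo = (socket.inet_aton(seg.src) + socket.inet_aton(seg.dst)
              + struct.pack("!BBH", 0, TCP_PROTO, HDR_LEN + len(seg.payload)))
    header = struct.pack("!HHIIHHHH", seg.sport, seg.dport, seg.seq, seg.ack,
                         ((HDR_LEN // 4) << 12) | seg.flags, seg.window, 0, 0)
    return hashlib.md5(pseudo + header + seg.payload + key).digest()

def sign(seg, key):
    seg.md5 = rfc2385_digest(seg, key)
    return seg

def accept(seg, key):
    """Receiver check: discard any segment whose digest is missing or wrong."""
    if seg.md5 is None:
        return False
    return hmac.compare_digest(seg.md5, rfc2385_digest(seg, key))

def demo():
    key = b"constructed-shared-secret"  # constructed sample values throughout
    peer = dict(src="192.0.2.1", dst="192.0.2.2", sport=179, dport=40000)
    genuine = sign(Segment(**peer, seq=1000, ack=2000, flags=ACK, payload=b"data"), key)
    unsigned_rst = Segment(**peer, seq=1001, ack=0, flags=RST)  # no option at all
    wrong_key_rst = sign(Segment(**peer, seq=1001, ack=0, flags=RST), b"not-the-key")
    return accept(genuine, key), accept(unsigned_rst, key), accept(wrong_key_rst, key)
```

Only the segment signed with the shared key is accepted; a reset that matches the connection's addresses, ports and sequence window is still discarded without a valid digest.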
Other managed HP EtherTwist, HP AdvanceStack and HP ProCurve devices are generally not impacted as TCP sessions that were disconnected can be re-established.
As a good practice, HP recommends that the appropriate inactivity timeout feature be implemented on the device for each type of TCP session. TCP sessions include Telnet, SSH, SFTP and HTTP.
HISTORY
Version: 1 (rev.1) - 02 October 2007 Initial release, with an SPC change from MI to GN
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."