HPSBGN02267 SSRT3647 rev.1 - Re-release of HPSBMI00006 ProCurve 5300 Switches, Remote Denial of Service (DoS)

  • KM02992667
  • 18-Oct-2017
  • 18-Oct-2017


A vulnerability in ProCurve 5300 series switches may allow creation of a remote denial of service (DoS).



Document ID: KM02992667 (c01179933)

Version: 1

HPSBGN02267 SSRT3647 rev.1 - Re-release of HPSBMI00006 ProCurve 5300 Switches, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2003-11-24

Last Updated: 2007-10-02

Potential Security Impact: Remote denial of service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team


A vulnerability in ProCurve 5300 series switches may allow creation of a remote denial of service (DoS).

References: HPSBMI00006

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP ProCurve Switch 5304XL (J4850A), 5348XL (J4849A), 5372XL (J4848A), 5308XL (J4819A).


For a PGP signed version of this security bulletin please write to: security-alert@hp.com

Note: This Security Bulletin has been re-released with a new document number but without alteration of content. The purpose of this new number and re-release is to assure the document is available on all customer accessible databases. 

This is a reformatted version of Security Bulletin HPSBMI0311-006 SSRT3647 rev.0. 

The HP ProCurve Switches potentially suffer an adverse reaction to the presence of the Blaster/Welchia worms. Networking performance deteriorates resulting in the appearance of a Denial of Service for connected end nodes, generally running Microsoft Windows operating systems. HP ProCurve Switches can exhibit deteriorating performance and fail to function in presence of RPC worms such as Welchia and Blaster. 

Only the following HP ProCurve Switches are affected: 5304XL (J4850A), 5348XL (J4849A), 5372XL (J4848A), 5308XL (J4819A). 

NOTE: This problem does not directly impact HP-UX, MPE/iX, HP NonStop Servers, HP OpenVMS, nor HP Tru64 UNIX/Trucluster Server.


HP has made the following software updates available to resolve the vulnerability.

The software updates are available from: http://www.hp.com/rnd/software/switches.htm 

ProCurve 5300 series switches
Install firmware E.07.40, or subsequent

Several steps need to be taken to mitigate the problem. 

1. Locate and remove worms from infected and connected network clients. To accomplish that task, download the Snort* utility which is designed to identify a network client infected by the Blaster and/or Welchia worms. http://www.snort.org/ Non-HPE site 

Follow the recommended instructions provided to install and to locate and remove these worms from a network. 

The following link provides some details of how to detect traffic that is caused by such worms and the data from this link can be used to compare to the traces that captured from a network. http://www.symantec.com Non-HPE site  Non-HPE site 

2. Administrators should take actions to prevent worm infiltrations on the network by ensuing that the latest patches for security vulnerabilities are applied to end clients via Microsoft Security releases. http://update.microsoft.com Non-HPE site 

3. Download and install the new switch software version E.07.40 or subsequent from: http://www.hp.com/rnd/software/switches.htm 

If further assistance is required, contact a local ProCurve Customer Care Center, or visit the web site at: https://my.procurve.com/help/help_topics.aspx?CultureCode=en-US Non-HPE site 

* Snort is not included with HP Operating Systems and is not supported by HP; the information has been included in this document as a reference to customers who may be interested in evaluating it as it applies to this particular subject. 

Version: 1 (rev.1) - 02 October 2007 Initial release, with an SPC change MI to GN.

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. 
©Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.