HP ProCurve Switches Remote Unauthorized Information Disclosure

2013-08-1400:00:00

www.tenable.com

The remote HP ProCurve switch is missing a software update that corrects an issue where an attacker could remotely cause an unauthorized information disclosure.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(69346);
  script_version("1.5");
  script_cvs_date("Date: 2018/07/12 19:01:16");

  script_cve_id("CVE-2008-7270");
  script_bugtraq_id(45254);
  script_xref(name:"HP", value:"HPSBPV02891");
  script_xref(name:"HP", value:"SSRT101113");
  script_xref(name:"HP", value:"emr_na-c03819065");

  script_name(english:"HP ProCurve Switches Remote Unauthorized Information Disclosure");
  script_summary(english:"Checks model number and software version to determine presence of flaw");

  script_set_attribute(attribute: "synopsis", value:"The remote host is missing a vendor-supplied software update.");
  script_set_attribute(attribute: "description", value:
"The remote HP ProCurve switch is missing a software update that
corrects an issue where an attacker could remotely cause an unauthorized
information disclosure.");
  script_set_attribute(attribute: "solution", value:"Upgrade to the appropriate software version or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c03819065
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7c5c3056");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:hp:procurve_switch");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Misc.");

  script_dependencies("hp_procurve_version.nasl");
  script_require_keys("Host/HP_Switch");
  exit(0);
}

include("audit.inc");

# ###########################
# function assumes both a and b are of the form K.15.12
# ###########################
function version_cmp(a, b)
{
 local_var i, vala, valb, max;

 a = split(a, sep:'.', keep:FALSE);
 b = split(b, sep:'.', keep:FALSE);

 # check that the first string part matches
 if (toupper(a[0]) != toupper(b[0])) return -2;

 max = max_index(a);
 if (max_index(b) > max) max = max_index(b);

 # now loop over all of the remaining int parts
 for ( i = 1; i < max ; i ++ )
 {
  if (i >= max_index(a)) vala = 0;
  else vala = int(a[i]);
  if (i >= max_index(b)) valb = 0;
  else valb = int(b[i]);

  if ( vala < valb )
        return -1;
  else if ( vala > valb )
        return 1;
 }
  return 0;
}

if ( ! get_kb_item('Host/HP_Switch') ) exit(0, "This is not an HP Switch.");

rev = get_kb_item("Host/HP_Switch/SoftwareRevision");
model = get_kb_item("Host/HP_Switch/Model");
if ( (!rev) || (!model) || (rev == "unknown") || (model == "unknown") )
  exit(0, "The model number and/or software version could not be obtained.");

flag = 0;
patched_ver = "";

# A.14.20 or A.15.06
if ( (model == "J9565A") ||
     (model == "J9562A") )
{
  if (version_cmp(a:"A.14.20", b:rev) > 0)
  {
    patched_ver = "A.14.20 or A.15.06";
    flag++;
  }
  if ( (version_cmp(a:"A.15.0", b:rev) <= 0) && (version_cmp(a:"A.15.06", b:rev) > 0) )
  {
    patched_ver = "A.15.06";
    flag++;
  }
}

# E.11.34
if ( (model == "J4850A") ||
     (model == "J8166A") ||
     (model == "J4819A") ||
     (model == "J8167A") ||
     (model == "J4849A") ||
     (model == "J4849B") ||
     (model == "J4848A") ||
     (model == "J4848B") )
  if (version_cmp(a:"E.11.34", b:rev) > 0)
  {
    patched_ver = "E.11.34";
    flag++;
  }

# H.10.108
if ( (model == "J8762A") ||
     (model == "J4900A") ||
     (model == "J4900B") ||
     (model == "J4900C") ||
     (model == "J4899A") ||
     (model == "J4899B") ||
     (model == "J4899C") ||
     (model == "J8164A") ||
     (model == "J8165A") )
  if (version_cmp(a:"H.10.108", b:rev) > 0)
  {
    patched_ver = "H.10.108";
    flag++;
  }

# i.10.98
if ( (model == "J4903A") ||
     (model == "J4904A") )
  if (version_cmp(a:"i.10.98", b:rev) > 0)
  {
    patched_ver = "i.10.98";
    flag++;
  }

# J.14.61 or J.15.06
if ( (model == "J9299A") ||
     (model == "J9298A") )
{
  if (version_cmp(a:"J.14.61", b:rev) > 0)
  {
    patched_ver = "J.14.61 or J.15.06";
    flag++;
  }
  if ( (version_cmp(a:"J.15.0", b:rev) <= 0) && (version_cmp(a:"J.15.06", b:rev) > 0) )
  {
    patched_ver = "J.15.06";
    flag++;
  }
}

# L.11.38
if ( (model == "J8772B") ||
     (model == "J8770A") ||
     (model == "J9064A") ||
     (model == "J8773A") ||
     (model == "J9030A") ||
     (model == "J8775B") ||
     (model == "J8771A") ||
     (model == "J8772A") ||
     (model == "J8774A") ||
     (model == "J8775A") )
  if (version_cmp(a:"L.11.38", b:rev) > 0)
  {
    patched_ver = "L.11.38";
    flag++;
  }

# M.10.95
if ( (model == "J4906A") ||
     (model == "J4905A") )
  if (version_cmp(a:"M.10.95", b:rev) > 0)
  {
    patched_ver = "M.10.95";
    flag++;
  }

# N.11.56
if ( (model == "J9021A") ||
     (model == "J9022A") )
  if (version_cmp(a:"N.11.56", b:rev) > 0)
  {
    patched_ver = "N.11.56";
    flag++;
  }

# Q.11.55
if ( (model == "J9019B") ||
     (model == "J9019A") )
  if (version_cmp(a:"Q.11.55", b:rev) > 0)
  {
    patched_ver = "Q.11.55";
    flag++;
  }

# R.11.92
if ( (model == "J9085A") ||
     (model == "J9087A") ||
     (model == "J9086A") ||
     (model == "J9088A") ||
     (model == "J9089A") )
  if (version_cmp(a:"R.11.92", b:rev) > 0)
  {
    patched_ver = "R.11.92";
    flag++;
  }

# S.14.36 or S.15.06
if ( (model == "J9138A") ||
     (model == "J9137A") )
{
  if (version_cmp(a:"S.14.36", b:rev) > 0)
  {
    patched_ver = "S.14.36 or S.15.06";
    flag++;
  }
  if ( (version_cmp(a:"S.15.0", b:rev) <= 0) && (version_cmp(a:"S.15.06", b:rev) > 0) )
  {
    patched_ver = "S.15.06";
    flag++;
  }
}

# U.11.43
if (model == "J9020A")
  if (version_cmp(a:"U.11.43", b:rev) > 0)
  {
    patched_ver = "U.11.43";
    flag++;
  }

# Y.11.38
if ( (model == "J9279A") ||
     (model == "J9280A") )
  if (version_cmp(a:"Y.11.38", b:rev) > 0)
  {
    patched_ver = "Y.11.38";
    flag++;
  }

# report as needed
if (flag)
{
  report = string(
    "The Remote HP ProCurve system is not patched :\n",
    "  Model # : ", model, "\n",
    "\n",
    "    Current Software Revision : ", rev, "\n",
    "    Patched Software Revision : ", patched_ver, "\n"
  );

  security_warning(port:0, extra:report);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
hpprocurve_switchcpe:/h:hp:procurve_switch

Vendor	Product	Version	CPE
hp	procurve_switch		cpe:/h:hp:procurve_switch

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270

www.nessus.org/u?7c5c3056

JSON

Related for HP_PROCURVE_HPSBPV02891.NASL