Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2014.0012
A vulnerability has been identified in Huawei's Eudemon
8000E firewall prior to version V200R001C01SPC900.
31 January 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Huawei Eudemon 8000E
Operating System: Network Appliance
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
Member content until: Sunday, March 2 2014
OVERVIEW
A vulnerability has been identified in Huawei's Eudemon8000E firewall
prior to version V200R001C01SPC900.
IMPACT
The vendor has given the following information:
"Huawei Eudemon8000E firewall allows users to log in to the device
using Telnet or SSH. When an attacker sends to the device a mass of
TCP packets with special structure, the logging process become
slowly and users may be unable to log in to the device
(HWNSIRT-2014-0101)." [1]
MITIGATION
Huawei recommends upgrading the device to the latest firmware.
REFERENCES
[1] Security Advisory-DoS Vulnerability in Eudemon8000E
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-325385.htm
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUusOMxLndAQH1ShLAQIVqw//agH07+j3XKpyAr3ltszjTAhCH2d2VRSC
k6qT9TAAQyjK4kssKRV71s2d8crdoUTRID+0/o79u5WBzzTZLJiGRCL8PkeVnZ1X
LzVdlbdiCZ2VvLq61eSGFG+rZbpAGfnd2T2+isdFRu41CqDAWvEW8KCHv9YAsmoO
xx8osqZIv8a9tuYj2OiaPpjLXt4DawfBRn6Qu2hRH7JdSGu+XY1Kh4RKE5RP424A
H7zkNbyZY+uE5m5rPKNAfxqbzm2UrUD2yS6HGCP5BgqUbfLXOdb2o+2MRqn2aD3S
tl7Qg3mqYvA22jaY86Sj+dh5v6YWt2DfKBbFKrsW7t6KdkaduKT2ZeADDTbMEpnG
tINj4UGZ5yW8dGTa7zB7hknVbR+zqzcKJDQHYrhUFqeb/FvMfEvI5jjaLnuzS3H7
KttxOZVtW+QUwGC6MxkEWhoQlVnJ79YfuXzZEG0KbZfW30mTriicEcVeeoabcsWx
UQ3lB88ZTWDabtG0f1YC8JS6bvFZv27BKku+QsOx7cY7ms7YK38Bes8eqb2cnhdC
VLZAMK/uPQnW3vE/4uhQi6Rs49sT/i7RMiknSxsLKvURhZk7wQr+10NAXoMTbSvb
ekaxvMrfOH5b8FWKU00mRZBtNzcGhlv8J/d/emgAyTFTmOoypHkX1OjpnW9EQ0Ox
S3nL8sIdK3c=
=wjUS
-----END PGP SIGNATURE-----