Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.0762
Security Advisory-OpenSSL Heartbeat Extension vulnerability
(Heartbleed bug) on Huawei multiple products
20 May 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Huawei products
Publisher: Huawei
Operating System: Network Appliance
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-0160
Reference: ASB-2014.0059
ASB-2014.0054
ESB-2014.0461
ESB-2014.0458.2
ESB-2014.0457
Original Bulletin:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on
Huawei multiple products
SA No: Huawei-SA-20140417-Heartbleed
Initial Release Date: 04-17-2014
Last Release Date: 05-15-2014
Summary
Some OpenSSL software versions used in multiple Huawei products have the
following OpenSSL vulnerability. Unauthorized remote attackers can dump 64
Kbytes of memory of the connected server or client in each attack. The leaked
memory may contain sensitive information, such as passwords and private keys
(Vulnerability ID: HWPSIRT-2014-0414).
This Vulnerability has been assigned Common Vulnerabilities and Exposures (CVE)
ID: CVE-2014-0160.
Impact
The impacts of this vulnerability on Huawei products vary with products.
Attackers may exploit this vulnerability to dump a certain size of memory of
devices. The leaked memory may contain sensitive information, such as passwords
and private keys.
Vulnerability Scoring Details
The vulnerability classification has been performed by using the CVSSv2
scoring system (http://www.first.org/cvss/).
Base Score: 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
Temporal Score: 3.9 (E:P/RL:O/RC:C)
Technique Details
1. Prerequisite:
This vulnerability can be exploited only when the following conditions are
present:
The attacker is able to locally or remotely access the device affected by the
vulnerability.
2. Vulnerability details:
The vulnerability is due to a missing memory bounds check when the OpenSSL
software processes TLS heartbeat packets. Attackers can trigger the
vulnerability by sending malformed TLS heartbeat packets to the server. The
attacker may also impersonate a server to send malicious packets to a client
that accesses the server to attack the client. After the attack succeeds, the
attacker can dump a certain size of memory each time the attacker sends a
malicious heartbeat packet. The dumped memory may contain sensitive
information, such as passwords and private keys.
Temporary Fix
Null
Software Versions and Fixes
Product Name Affected Version Solved Plan/Patch Link
AHR V100R003C00SPC350 and V100R003C00SPC360
later versions
BCM BCM V300R003C01 V300R003C30LG0106SPC002
BCM V300R003C30 V300R003C50SPC020
Billing V5R5 CBS V500R005C21 BCM
V300R003C30LG0106SPC002
BCM
V300R003C50SPC020
CBS CBS V300R003C01 BICP V100R001C50LS0002
CBS V100R002C02 BCM V300R003C30LG0106SPC002
BCM V300R003C50SPC020
CCE3.0 CCE V100R003C00 V100R003C00CP1301
CPS CPS V100R001C10 BICP V100R001C50LS0002
CPS V100R001C20 BCM V300R003C30LG0106SPC002
BCM V300R003C50SPC020
CRM CC&BM V100R002C61 BICP V100R001C50LS0002
CC&BM V100R002C62
CC&BM V100R002C72
Wimax BOSS V100R001C01
CSP V600R005C10 V600R003C90LG1032
V600R005C11SPC100
CTI V300R005C50 V300R005C50SPC011
V300R006C30
DWH V100R002C10 BICP V100R001C50LS0002
V100R002C30
eBIMS V100R001C00SPC100 V100R001C00SPC200
ECC500 V600R001C00 V600R001C00SPC100
EDC Solution V100R001C01 Tecal E6000 Chassis V100R001C00SPC111
Tecal BH622 V2 V100R002C00SPC108
Tecal BH640 V2 V100R002C00SPC107
eLTE Broadband Access eSight V300R001C10 V300R001C10CP2004
eCNS600 V100R001C00 V100R002C00SPC300
eCNS600 V100R002C00 V100R002C00SPC300
eSDK Solution V100R002C01 eSDK IVS V100R003C10SPC100
eSDK UC V100R003C10SPC001
eSight V200R003C00 V200R003C01SPC204
V200R003C01 V200R003C01SPC204
V200R003C10
eSight UC&C V100R001C01 V100R001C20SPH303
V100R001C02 V100R001C01SPH301
eSpace desktop V200R001 V200R001C03SPC800
eSpace Meeting Portal V100R001C00 V100R001C00SPC302
eSpace IVS V100R001C02 V100R001C02SPC102
eSpace UC V200R001C50 V200R001C50SPC003T
EVC3.3 EVC V300R003C02 BICP V100R001C50LS0002
FusionCloud Desktop V100R003C00 Tecal E9000 Chassis V100R001C00SPC160
Solution Tecal RH2285 V2 V100R002C00SPC113
Fusioncube V100R002C00 Tecal RH2288 V2 V100R002C00SPC115
V100R002C01 Tecal E9000 Chassis V100R001C00SPC160
FusionSphere V100R003C00 Tecal E9000 Chassis V100R001C00SPC160
HSS9860 HSS9860 V900R008C20 V900R008C20SPC508
HyperDP OceanStor N8500V200R001C09 V200R001C09SPC500
OceanStor N8500 V200R001C91 V200R001C91SPC200
IDC Solution V100R001C01 Tecal RH2288 V2 V100R002C00SPC115
Tecal RH2285 V2 V100R002C00SPC113
Tecal E6000 Chassis V100R001C00SPC111
Tecal BH622 V2 V100R002C00SPC108
Tecal BH640 V2 V100R002C00SPC107
Tecal BH640 V2 V100R002C00SPC107
V100R001C03 Tecal E9000 Chassis V100R001C00SPC160
Tecal RH2285 V2 V100R002C00SPC113
Tecal RH2288 V2 V100R002C00SPC115
Tecal RH2485 V2 V100R002C00SPC501
Tecal RH5885 V2 V100R001C02SPC109
Tecal XH310 V2 V100R001C00SPC107
Tecal XH311 V2 V100R001C00SPC107
Tecal XH320 V2 V100R001C00SPC109
Tecal XH621 V2 V100R001C00SPC105
Tecal RH1288 V2 V100R002C00SPC105
Tecal DH310 V2 V100R001C00SPC107
Tecal DH620 V2 V100R001C00SPC105
Tecal DH621 V2 V100R001C00SPC105
Tecal E6000 Chassis V100R001C00SPC111
Tecal BH622 V2 V100R002C00SPC108
Tecal BH640 V2 V100R002C00SPC107
CSB Solution V100R001C01SPC101
IDS2000 V300R001C11/C12/C31/C32 ECC500 V300R001C30
iManager M2000 iManager M2000 V200R013C00SPC230
iManager M2000 V200R013C00HP2301 V200R013C00CP2302
iManager PRS iManager PRS V100R014C00SPC100 V100R014C00CP1501
iManager U2000 iManager U2000 V100R009C00SPC300 V100R009C00CP3002
iManager U2000-M iManager U2000 V200R014C00SPC100
iManager U2000 V200R014C00SPC110 V200R014C00SPC200
IMS IMS V200R010C00 CGP V100R006C60SPC609
ISOP V200R001C00 BICP V100R001C50LS0002
LMT of GGSN9811/ GGSN9811 V900R008C01 UGW9811 V900R009C01SPC300
UGW9811/ PDSN9660/ UGW9811 V900R001C03 UGW9811 V900R009C02SPC200
WASN9770/ HA9661 UGW9811 V900R001C05 UGW9811 V900R010C00SPC100
UGW9811 V900R009C01 UGW9811 V900R010C01SPC200
UGW9811 V900R009C02 UGW9811 V900R010C72SPC200
UGW9811 V900R010C00 UGW9811 V900R010C81SPC100
UGW9811 V900R010C01 HA9661 V900R007C06SPC300
UGW9811 V900R010C72 PDSN9660 V900R007C06SPC200
UGW9811 V900R010C81 WASN9770 V300R003C02SPC300
HA9661 V900R007C06
PDSN9660 V900R007C02
PDSN9660 V900R007C03
PDSN9660 V900R007C05
PDSN9660 V900R007C06
WASN9770 V300R003C01
WASN9770 V300R003C02
Mediation Mediation V100R002C20 BCM V300R003C30LG0106SPC002
Mediation V100R002C30 BCM V300R003C50SPC020
Mobile phone Y300 Y300-0100 V100R001C00B197 In the TA ( technical accept) testing
Mobile phone G510 G510-0200 V100R001C00B193 V100R001C00B200
Mobile phone U8686 V100R001C85B177/B187 In the TA ( technical accept) testing
Mobile phone C8813 V100R001C92B173 In the TA ( technical accept) testing
MSOFTX3000 MSOFTX3000 V200R010C10 V200R010C10SPH103
Nastar GENEX Nastar V600R014C00SPC201T V600R014C00CP0010
GENEX Nastar V600R014C00
NetCol ACC V100R001C10/C20/C30 V100R001C10
NGIN SNE V300R002C20 V300R002C50
SNE V300R002C30
SNE V300R002C40
SNE V300R002C50
BMP V100R002C30 V100R002C40SPC001
BMP V100R002C40
OCS OCS V100R002C01 BCM V300R003C30LG0106SPC002
OCS V300R003C01 BICP V100R001C50LS0002
BCM V300R003C50SPC020
OIC V100R001C00SPC300 V100R001C00SPC401
V100R001C00SPC400
OnlineMediation OnlineMediationV300R003C01 ONIP SNE V300R002C50
OnlineMediationV300R003C02 BICP V100R001C50LS0002
OnlineMediationV300R003C21
OnlineMediationV300R003C30
OpenEye CMS V300R001C60SPC001 V300R001C60SPC002
PCCS PowerCube1000 V300R002C03 V300R002C03SPC600
PowerCube Controller Software
V300R002C00/C10/C20C/C30
PDU8000 V100R002C00 V100R002C00SPC100
Policy Center V100R003C00 V100R003C00SPC303
PRM PRM V300R001C08 BCM V300R003C30LG0106SPC002
PRM V300R001C20 BCM V300R003C50SPC020
RCS9880 V100R002C10 V100R002C10CP0001
V100R003C00 V100R003C00CP0001
SAG V200R001C38 V200R001C38LG0005
SANEX V100R002C00 V100R002C00SPC002
Smart Campaign V300R003C02 BICP V100R001C50LS0002
SMU02B SMU V300R002C02 SUM V300R002C02SPC73
V300R002C10 SUM V300R002C20SPC74
SOFTX3000 V600R012C10 V600R012C10SPC203
SPS V300R007C00 V300R007C00SPH103
STB V100R002C15LLNL72 Terminal Middleware
V100R002C15LSCD81 V100R001C06LCOE02SPC200
V100R001C06LCOE01SPC200
Tecal E6000 V100R002 Tecal E6000 Chassis V100R001C00SPC111
Tecal BH622 V2 V100R002C00SPC108
Tecal BH640 V2 V100R002C00SPC107
Tecal E6000 Chassis V100R001C00
Tecal E6000 Chassis V100R001C00SPC111
Tecal BH622 V2 V100R002C00SPC108
Tecal BH640 V2 V100R002C00SPC107
Tecal E9000 Chassis V100R001 Tecal E9000 Chassis V100R001C00SPC160
Tecal CH121 V100R001C00SPC150
Tecal CH140 V100R001C00SPC100
Tecal CH220 V100R001C00SPC150
Tecal CH221 V100R001C00SPC150
Tecal CH222 V100R002C00SPC150
Tecal CH240 V100R001C00SPC150
Tecal CH242 V100R001C00SPC150
Tecal CH242 V3 V100R001C00SPC100
Tecal RH1288 V2 V100R002C00 V100R002C00SPC105
Tecal RH2285 V2 V100R002C00 V100R002C00SPC113
Tecal RH2285H V2 V100R002C00 V100R002C00SPC108
Tecal RH2288 V2 V100R002C00 V100R002C00SPC115
Tecal RH2288H V2 V100R002C00 V100R002C00SPC110
Tecal RH2485 V2 V100R002 V100R002C00SPC501
Tecal RH5885 V2 V100R001 V100R001C02SPC109
V100R003
Tecal RH5885 V3 V100R003 V100R003C01SPC101
Tecal X6000 V100R002 Tecal XH310 V2 V100R001C00SPC107
Tecal XH311 V2 V100R001C00SPC107
Tecal XH320 V2 V100R001C00SPC109
Tecal XH621 V2 V100R001C00SPC105
Tecal X8000 V100R001 Tecal DH310 V2 V100R001C00SPC107
Tecal DH620 V2 V100R001C00SPC105
Tecal DH621 V2 V100R001C00SPC105
WebLMT of BSC6900 BSC6900 V100R016C00 V100R016C00SPC600
WebLMT of BSC6910 BSC6910 V100R016C00 V100R016C00SPC600
WebLMT of eGBTS/NODEB/MBTS BTS3900 V100R009C00 V100R009C00SPC100
WebLMT of eNodeb(FDD) BTS3900 V100R009C00 V100R009C00SPC100
WebLMT of eNodeb(TDD) BTS3900 V100R009C00 V100R009C00SPC100
WFM V200R001C00 V200R001C00SPC131
V100R001C01 V100R001C01SPC292
UAC3000 V100R003C00 CGP V100R006C60SPC609
UGC3200 UGC3200V200R010C00 CGP V100R006C60SPC609
UPCC UPCC V300R006C01 V300R006C01SPC203
UPCC V300R006C02 V300R006C02SPC105
UPS2000 V1R1C00/C10/C11/C30/C31 V100R001C10SPC401
UPS5000 V100R001C00/C01/C10/C02 V100R002C01SPC300
V100R002C00/C01/C02/C03 V100R001C10SPC600
V100R002C10/C11/C12/C13
USN9810 V900R012C01 V900R012C01SPH003
VGS SCG V500R005C30 V500R005C30LG0001
Obtaining Fixed Software
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to
request the upgrades, or obtain them through Huawei worldwide website at
http://support.huawei.com/support/.
For TAC contact information, please refer to the following links:
TAC for Carrier Customers:
http://support.huawei.com/support/pages/news/NewsInfoAction.do?actionFlag=view&doc_id=IN0000034614&colID=ROOTENWEB%7CCO0000000169%7CCO0000003000.
TAC for enterprise customers:
http://support.huawei.com/enterprise/NewsReadAction.action?contentId=NEWS1000000563
TAC for Terminal Customers:
http://www.huaweidevice.com/resource/mini/201107199604/FAQ_ServiceHotline_en/index.html
http://www.huaweidevice.com/worldwide/netWorkPoint.do?method=index&directoryId=40
Exploitation and Vulnerability Source
This vulnerability is found by Codenomicon and Google security engineers.
Contact Channel for Technique Issue
For security problems about Huawei products and solutions, please contact
PSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly
contact Huawei TAC (Huawei Technical Assistance Center) to request the
configuration or technical assistance.
Revision History
2014-05-15 V3.2 UPDATED update the Software Versions and Fixes
2014-05-14 V3.1 UPDATED update the Software Versions and Fixes
2014-05-13 V3.0 UPDATED update the Software Versions and Fixes
2014-05-12 V2.9 UPDATED update the Software Versions and Fixes
2014-05-12 V2.8 UPDATED update the Software Versions and Fixes
2014-05-12 V2.7 UPDATED update the Software Versions and Fixes
2014-05-10 V2.6 UPDATED update the Software Versions and Fixes
2014-05-10 V2.5 UPDATED update the Software Versions and Fixes
2014-05-09 V2.4 UPDATED update the Software Versions and Fixes
2014-05-09 V2.3 UPDATED update the Software Versions and Fixes
2014-05-08 V2.2 UPDATED update the Software Versions and Fixes
2014-05-07 V2.1 UPDATED update the Software Versions and Fixes
2014-05-06 V2.0 UPDATED update the Software Versions and Fixes
2014-05-05 V1.9 UPDATED update the Software Versions and Fixes
2014-05-04 V1.8 UPDATED update the Software Versions and Fixes
2014-04-30 V1.7 UPDATED update the Software Versions and Fixes
2014-04-28 V1.6 UPDATED update the Software Versions and Fixes
2014-04-24 V1.5 UPDATED update the Software Versions and Fixes
2014-04-22 V1.4 UPDATED update the Software Versions and Fixes
2014-04-21 V1.3 UPDATED update the Software Versions and Fixes
2014-04-21 V1.2 UPDATED update the Software Versions and Fixes
2014-04-18 V1.1 UPDATED update the Software Versions and Fixes
2014-04-17 V1.0 INITIAL
Declaration
This document is provided on an "AS IS" basis and does not imply any kind of
guarantee or warranty, either express or implied, including the warranties of
merchantability or fitness for a particular purpose. In no event shall Huawei.
or any of its directly or indirectly controlled subsidiaries or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages. Your use of the
document, by whatsoever means, will be totally at your own risk. Huawei is
entitled to amend or update this document from time to time.
Huawei Security Procedures
Complete information on providing feedback on security vulnerability of Huawei
products, getting support for Huawei security incident response services, and
obtaining Huawei security vulnerability information, is available on Huawei's
worldwide website at http://www.huawei.com/en/security/psirt/.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU3rQORLndAQH1ShLAQK1LBAAn+2qEe+JevthDYMf//NlB8uvpo15alye
G10V+GLODRpdvwFFWly7RB27MYU6++NaeOzN/zrKMTHFoqK/16y94rZgDAw+87M+
2d9/cRjdmAomjkyJFAvohLz9LFXHrE6FP/i1eKFLdZl1KgE3cVXvWnZ7wExph8Zd
1AmsrLRzjGAm8pLIcQJiVlSnC8Y7LIzYAIPsLnmvive6DM/7cMrxN/LL3IJQ9oZM
pNVer+kw3gh9gmhmYnkGrZZpLJVyzWQaRSk448v2D8sZmbycPd3Yi93KjNnEB5PM
reMVfG6tI+YNoWfliy0RxTVQnJppTfVL9CxJ7dfbn5OSl9rLLz3Z0fNfc5T8yk1m
Z0CdwZkG15hwdZ9NNek8p10AV6EBqQNskwDdfipzMvyjlU3U7W6bFC4+5/fNfaYD
Rua5dvXoP4CvQd/Rl9ZLS/iYRyqHA0MuvNuQBCugOBZBopG28UzY2H2MujVaaQOM
WQwzfZ73djbwKTDB5jJzknZKJOm2kbZljwGoaE2/dWWqHWCbv1zh72Rqp5y6S7Xv
lLob2bcii7FNt0PUgq7C6orSocciarcM8+hCGUl9pDCJj3nv8lIwEmiv/4H6AD4n
xrRM5S75eoLDDlcdF4m5iGOOjXGBBupkrE9PxT9gF02NjmGjKWPu57RIaPkuXRzH
RaxE6zor0O4=
=phJq
-----END PGP SIGNATURE-----