===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0762
  Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug)
                         on Huawei multiple products
                                20 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Huawei products
Publisher:         Huawei
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0160
Reference:         ASB-2014.0059
                   ASB-2014.0054
                   ESB-2014.0461
                   ESB-2014.0458.2
                   ESB-2014.0457

Original Bulletin:
   http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm

--------------------------BEGIN INCLUDED TEXT--------------------

Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on Huawei multiple products

SA No: Huawei-SA-20140417-Heartbleed
Initial Release Date: 04-17-2014
Last Release Date: 05-15-2014

Summary

Some OpenSSL software versions used in multiple Huawei products have the following OpenSSL vulnerability. Unauthorized remote attackers can dump 64 Kbytes of memory of the connected server or client in each attack. The leaked memory may contain sensitive information, such as passwords and private keys (Vulnerability ID: HWPSIRT-2014-0414).

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID: CVE-2014-0160.

Impact

The impact of this vulnerability varies from product to product. Attackers may exploit this vulnerability to dump a certain size of memory of devices. The leaked memory may contain sensitive information, such as passwords and private keys.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
Base Score: 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
Temporal Score: 3.9 (E:P/RL:O/RC:C)

Technique Details

1. Prerequisite:
This vulnerability can be exploited only when the following condition is present: the attacker is able to locally or remotely access the device affected by the vulnerability.

2. Vulnerability details:
The vulnerability is due to a missing memory bounds check when the OpenSSL software processes TLS heartbeat packets. Attackers can trigger the vulnerability by sending malformed TLS heartbeat packets to the server. The attacker may also impersonate a server and send malicious packets to a client that connects to it, attacking the client. Once the attack succeeds, the attacker can dump a certain size of memory each time a malicious heartbeat packet is sent. The dumped memory may contain sensitive information, such as passwords and private keys.

Temporary Fix

Null

Software Versions and Fixes

Product Name  Affected Version  Solved Plan/Patch Link

AHR V100R003C00SPC350 and V100R003C00SPC360 later versions BCM BCM V300R003C01 V300R003C30LG0106SPC002 BCM V300R003C30 V300R003C50SPC020 Billing V5R5 CBS V500R005C21 BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020 CBS CBS V300R003C01 BICP V100R001C50LS0002 CBS V100R002C02 BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020 CCE3.0 CCE V100R003C00 V100R003C00CP1301 CPS CPS V100R001C10 BICP V100R001C50LS0002 CPS V100R001C20 BCM V300R003C30LG0106SPC002 BCM V300R003C50SPC020 CRM CC&BM V100R002C61 BICP V100R001C50LS0002 CC&BM V100R002C62 CC&BM V100R002C72 Wimax BOSS V100R001C01 CSP V600R005C10 V600R003C90LG1032 V600R005C11SPC100 CTI V300R005C50 V300R005C50SPC011 V300R006C30 DWH V100R002C10 BICP V100R001C50LS0002 V100R002C30 eBIMS V100R001C00SPC100 V100R001C00SPC200 ECC500 V600R001C00 V600R001C00SPC100 EDC Solution V100R001C01 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 eLTE Broadband Access eSight V300R001C10 V300R001C10CP2004 eCNS600 V100R001C00
V100R002C00SPC300 eCNS600 V100R002C00 V100R002C00SPC300 eSDK Solution V100R002C01 eSDK IVS V100R003C10SPC100 eSDK UC V100R003C10SPC001 eSight V200R003C00 V200R003C01SPC204 V200R003C01 V200R003C01SPC204 V200R003C10 eSight UC&C V100R001C01 V100R001C20SPH303 V100R001C02 V100R001C01SPH301 eSpace desktop V200R001 V200R001C03SPC800 eSpace Meeting Portal V100R001C00 V100R001C00SPC302 eSpace IVS V100R001C02 V100R001C02SPC102 eSpace UC V200R001C50 V200R001C50SPC003T EVC3.3 EVC V300R003C02 BICP V100R001C50LS0002 FusionCloud Desktop V100R003C00 Tecal E9000 Chassis V100R001C00SPC160 Solution Tecal RH2285 V2 V100R002C00SPC113 Fusioncube V100R002C00 Tecal RH2288 V2 V100R002C00SPC115 V100R002C01 Tecal E9000 Chassis V100R001C00SPC160 FusionSphere V100R003C00 Tecal E9000 Chassis V100R001C00SPC160 HSS9860 HSS9860 V900R008C20 V900R008C20SPC508 HyperDP OceanStor N8500V200R001C09 V200R001C09SPC500 OceanStor N8500 V200R001C91 V200R001C91SPC200 IDC Solution V100R001C01 Tecal RH2288 V2 V100R002C00SPC115 Tecal RH2285 V2 V100R002C00SPC113 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 Tecal BH640 V2 V100R002C00SPC107 V100R001C03 Tecal E9000 Chassis V100R001C00SPC160 Tecal RH2285 V2 V100R002C00SPC113 Tecal RH2288 V2 V100R002C00SPC115 Tecal RH2485 V2 V100R002C00SPC501 Tecal RH5885 V2 V100R001C02SPC109 Tecal XH310 V2 V100R001C00SPC107 Tecal XH311 V2 V100R001C00SPC107 Tecal XH320 V2 V100R001C00SPC109 Tecal XH621 V2 V100R001C00SPC105 Tecal RH1288 V2 V100R002C00SPC105 Tecal DH310 V2 V100R001C00SPC107 Tecal DH620 V2 V100R001C00SPC105 Tecal DH621 V2 V100R001C00SPC105 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 CSB Solution V100R001C01SPC101 IDS2000 V300R001C11/C12/C31/C32 ECC500 V300R001C30 iManager M2000 iManager M2000 V200R013C00SPC230 iManager M2000 V200R013C00HP2301 V200R013C00CP2302 iManager PRS iManager PRS V100R014C00SPC100 V100R014C00CP1501 iManager U2000 iManager U2000 
V100R009C00SPC300 V100R009C00CP3002 iManager U2000-M iManager U2000 V200R014C00SPC100 iManager U2000 V200R014C00SPC110 V200R014C00SPC200 IMS IMS V200R010C00 CGP V100R006C60SPC609 ISOP V200R001C00 BICP V100R001C50LS0002 LMT of GGSN9811/ GGSN9811 V900R008C01 UGW9811 V900R009C01SPC300 UGW9811/ PDSN9660/ UGW9811 V900R001C03 UGW9811 V900R009C02SPC200 WASN9770/ HA9661 UGW9811 V900R001C05 UGW9811 V900R010C00SPC100 UGW9811 V900R009C01 UGW9811 V900R010C01SPC200 UGW9811 V900R009C02 UGW9811 V900R010C72SPC200 UGW9811 V900R010C00 UGW9811 V900R010C81SPC100 UGW9811 V900R010C01 HA9661 V900R007C06SPC300 UGW9811 V900R010C72 PDSN9660 V900R007C06SPC200 UGW9811 V900R010C81 WASN9770 V300R003C02SPC300 HA9661 V900R007C06 PDSN9660 V900R007C02 PDSN9660 V900R007C03 PDSN9660 V900R007C05 PDSN9660 V900R007C06 WASN9770 V300R003C01 WASN9770 V300R003C02 Mediation Mediation V100R002C20 BCM V300R003C30LG0106SPC002 Mediation V100R002C30 BCM V300R003C50SPC020 Mobile phone Y300 Y300-0100 V100R001C00B197 In the TA ( technical accept) testing Mobile phone G510 G510-0200 V100R001C00B193 V100R001C00B200 Mobile phone U8686 V100R001C85B177/B187 In the TA ( technical accept) testing Mobile phone C8813 V100R001C92B173 In the TA ( technical accept) testing MSOFTX3000 MSOFTX3000 V200R010C10 V200R010C10SPH103 Nastar GENEX Nastar V600R014C00SPC201T V600R014C00CP0010 GENEX Nastar V600R014C00 NetCol ACC V100R001C10/C20/C30 V100R001C10 NGIN SNE V300R002C20 V300R002C50 SNE V300R002C30 SNE V300R002C40 SNE V300R002C50 BMP V100R002C30 V100R002C40SPC001 BMP V100R002C40 OCS OCS V100R002C01 BCM V300R003C30LG0106SPC002 OCS V300R003C01 BICP V100R001C50LS0002 BCM V300R003C50SPC020 OIC V100R001C00SPC300 V100R001C00SPC401 V100R001C00SPC400 OnlineMediation OnlineMediationV300R003C01 ONIP SNE V300R002C50 OnlineMediationV300R003C02 BICP V100R001C50LS0002 OnlineMediationV300R003C21 OnlineMediationV300R003C30 OpenEye CMS V300R001C60SPC001 V300R001C60SPC002 PCCS PowerCube1000 V300R002C03 V300R002C03SPC600 PowerCube Controller Software 
V300R002C00/C10/C20C/C30 PDU8000 V100R002C00 V100R002C00SPC100 Policy Center V100R003C00 V100R003C00SPC303 PRM PRM V300R001C08 BCM V300R003C30LG0106SPC002 PRM V300R001C20 BCM V300R003C50SPC020 RCS9880 V100R002C10 V100R002C10CP0001 V100R003C00 V100R003C00CP0001 SAG V200R001C38 V200R001C38LG0005 SANEX V100R002C00 V100R002C00SPC002 Smart Campaign V300R003C02 BICP V100R001C50LS0002 SMU02B SMU V300R002C02 SUM V300R002C02SPC73 V300R002C10 SUM V300R002C20SPC74 SOFTX3000 V600R012C10 V600R012C10SPC203 SPS V300R007C00 V300R007C00SPH103 STB V100R002C15LLNL72 Terminal Middleware V100R002C15LSCD81 V100R001C06LCOE02SPC200 V100R001C06LCOE01SPC200 Tecal E6000 V100R002 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 Tecal E6000 Chassis V100R001C00 Tecal E6000 Chassis V100R001C00SPC111 Tecal BH622 V2 V100R002C00SPC108 Tecal BH640 V2 V100R002C00SPC107 Tecal E9000 Chassis V100R001 Tecal E9000 Chassis V100R001C00SPC160 Tecal CH121 V100R001C00SPC150 Tecal CH140 V100R001C00SPC100 Tecal CH220 V100R001C00SPC150 Tecal CH221 V100R001C00SPC150 Tecal CH222 V100R002C00SPC150 Tecal CH240 V100R001C00SPC150 Tecal CH242 V100R001C00SPC150 Tecal CH242 V3 V100R001C00SPC100 Tecal RH1288 V2 V100R002C00 V100R002C00SPC105 Tecal RH2285 V2 V100R002C00 V100R002C00SPC113 Tecal RH2285H V2 V100R002C00 V100R002C00SPC108 Tecal RH2288 V2 V100R002C00 V100R002C00SPC115 Tecal RH2288H V2 V100R002C00 V100R002C00SPC110 Tecal RH2485 V2 V100R002 V100R002C00SPC501 Tecal RH5885 V2 V100R001 V100R001C02SPC109 V100R003 Tecal RH5885 V3 V100R003 V100R003C01SPC101 Tecal X6000 V100R002 Tecal XH310 V2 V100R001C00SPC107 Tecal XH311 V2 V100R001C00SPC107 Tecal XH320 V2 V100R001C00SPC109 Tecal XH621 V2 V100R001C00SPC105 Tecal X8000 V100R001 Tecal DH310 V2 V100R001C00SPC107 Tecal DH620 V2 V100R001C00SPC105 Tecal DH621 V2 V100R001C00SPC105 WebLMT of BSC6900 BSC6900 V100R016C00 V100R016C00SPC600 WebLMT of BSC6910 BSC6910 V100R016C00 V100R016C00SPC600 WebLMT of eGBTS/NODEB/MBTS 
BTS3900 V100R009C00 V100R009C00SPC100 WebLMT of eNodeb(FDD) BTS3900 V100R009C00 V100R009C00SPC100 WebLMT of eNodeb(TDD) BTS3900 V100R009C00 V100R009C00SPC100 WFM V200R001C00 V200R001C00SPC131 V100R001C01 V100R001C01SPC292 UAC3000 V100R003C00 CGP V100R006C60SPC609 UGC3200 UGC3200V200R010C00 CGP V100R006C60SPC609 UPCC UPCC V300R006C01 V300R006C01SPC203 UPCC V300R006C02 V300R006C02SPC105 UPS2000 V1R1C00/C10/C11/C30/C31 V100R001C10SPC401 UPS5000 V100R001C00/C01/C10/C02 V100R002C01SPC300 V100R002C00/C01/C02/C03 V100R001C10SPC600 V100R002C10/C11/C12/C13 USN9810 V900R012C01 V900R012C01SPH003 VGS SCG V500R005C30 V500R005C30LG0001

Obtaining Fixed Software

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades, or obtain them through the Huawei worldwide website at http://support.huawei.com/support/.

For TAC contact information, please refer to the following links:

TAC for Carrier Customers:
http://support.huawei.com/support/pages/news/NewsInfoAction.do?actionFlag=view&doc_id=IN0000034614&colID=ROOTENWEB%7CCO0000000169%7CCO0000003000.

TAC for Enterprise Customers:
http://support.huawei.com/enterprise/NewsReadAction.action?contentId=NEWS1000000563

TAC for Terminal Customers:
http://www.huaweidevice.com/resource/mini/201107199604/FAQ_ServiceHotline_en/index.html
http://www.huaweidevice.com/worldwide/netWorkPoint.do?method=index&directoryId=40

Exploitation and Vulnerability Source

This vulnerability was found by Codenomicon and Google security engineers.

Contact Channel for Technical Issues

For security problems with Huawei products and solutions, please contact PSIRT@huawei.com.

For general problems with Huawei products and solutions, please contact Huawei TAC (Huawei Technical Assistance Center) directly to request configuration or technical assistance.
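The missing bounds check described under "Vulnerability details" above, as an added example that is not part of Huawei's advisory or of OpenSSL's own code: a heartbeat-request validator that compares the peer-declared payload length with the actual TLS record length, in the shape of the published fix, plus a constructed record builder so the check can be exercised offline (heartbeat_payload_len and build_heartbeat are hypothetical names; the RFC 6520 message layout is real).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* TLS heartbeat message (RFC 6520): type(1) || payload_length(2, big-endian)
 * || payload || padding (at least 16 bytes). */
#define HB_HEADER_LEN   3
#define HB_MIN_PADDING  16
#define TLS1_HB_REQUEST 1

/* Validate a heartbeat request carried in a TLS record of rec_len bytes.
 * Returns the payload length that may safely be echoed back, or -1 if the
 * record must be discarded. The length comparison is the bounds check whose
 * absence the advisory describes. */
int heartbeat_payload_len(const unsigned char *rec, size_t rec_len) {
    /* Too short to hold even an empty payload plus minimum padding. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return -1;
    if (rec[0] != TLS1_HB_REQUEST) return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];   /* peer-controlled */
    /* Unpatched code trusted this value and copied that many bytes out of
     * the record buffer; whatever lay beyond rec_len was adjacent memory. */
    if (HB_HEADER_LEN + payload + HB_MIN_PADDING > rec_len)
        return -1;   /* silently discard, as RFC 6520 section 4 requires */
    return (int)payload;
}

/* Build a constructed heartbeat record with an arbitrary declared length and
 * the real payload, so the check can be exercised offline. Returns bytes written. */
size_t build_heartbeat(unsigned char *out, size_t out_cap, unsigned declared_len,
                       const unsigned char *payload, size_t payload_len) {
    size_t total = HB_HEADER_LEN + payload_len + HB_MIN_PADDING;
    if (total > out_cap || declared_len > 0xFFFF)
        return 0;
    out[0] = TLS1_HB_REQUEST;
    out[1] = (unsigned char)(declared_len >> 8);
    out[2] = (unsigned char)(declared_len & 0xFF);
    memcpy(out + HB_HEADER_LEN, payload, payload_len);
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING);  /* padding */
    return total;
}

int main(void) {
    unsigned char rec[64];
    const unsigned char msg[] = "hello";   /* constructed 5-byte payload */
    size_t n = build_heartbeat(rec, sizeof rec, 5, msg, 5);
    printf("well-formed: %d\n", heartbeat_payload_len(rec, n));      /* 5 */
    n = build_heartbeat(rec, sizeof rec, 0xFFFF, msg, 5);           /* claims 64 KB */
    printf("oversized:   %d\n", heartbeat_payload_len(rec, n));      /* -1 */
    return 0;
}
```

A declared length of 0xFFFF is the 64 Kbytes per request the advisory cites: the two-byte field cannot ask for more, and the check above is what prevents a record that only holds a few bytes from being answered with that much.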
Revision History

2014-05-15 V3.2 UPDATED update the Software Versions and Fixes
2014-05-14 V3.1 UPDATED update the Software Versions and Fixes
2014-05-13 V3.0 UPDATED update the Software Versions and Fixes
2014-05-12 V2.9 UPDATED update the Software Versions and Fixes
2014-05-12 V2.8 UPDATED update the Software Versions and Fixes
2014-05-12 V2.7 UPDATED update the Software Versions and Fixes
2014-05-10 V2.6 UPDATED update the Software Versions and Fixes
2014-05-10 V2.5 UPDATED update the Software Versions and Fixes
2014-05-09 V2.4 UPDATED update the Software Versions and Fixes
2014-05-09 V2.3 UPDATED update the Software Versions and Fixes
2014-05-08 V2.2 UPDATED update the Software Versions and Fixes
2014-05-07 V2.1 UPDATED update the Software Versions and Fixes
2014-05-06 V2.0 UPDATED update the Software Versions and Fixes
2014-05-05 V1.9 UPDATED update the Software Versions and Fixes
2014-05-04 V1.8 UPDATED update the Software Versions and Fixes
2014-04-30 V1.7 UPDATED update the Software Versions and Fixes
2014-04-28 V1.6 UPDATED update the Software Versions and Fixes
2014-04-24 V1.5 UPDATED update the Software Versions and Fixes
2014-04-22 V1.4 UPDATED update the Software Versions and Fixes
2014-04-21 V1.3 UPDATED update the Software Versions and Fixes
2014-04-21 V1.2 UPDATED update the Software Versions and Fixes
2014-04-18 V1.1 UPDATED update the Software Versions and Fixes
2014-04-17 V1.0 INITIAL

Declaration

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever, including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk.
Huawei is entitled to amend or update this document from time to time.

Huawei Security Procedures

Complete information on providing feedback on security vulnerabilities of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================