Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
- SA No:huawei-sa-20170322-01-openssl
- Initial Release Date: Mar 22, 2017
- Last Release Date: Jul 04, 2018
This vulnerability has been assigned a CVE ID: CVE-2016-6309
Crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service by triggering a CRL operation. (Vulnerability ID: HWPSIRT-2016-09078)
This vulnerability has been assigned a CVE ID: CVE-2016-7052
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service via large OCSP Status Request extensions. (Vulnerability ID: HWPSIRT-2016-09079)
This vulnerability has been assigned a CVE ID: CVE-2016-6304
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service by triggering a zero-length record in an SSL_peek call. (Vulnerability ID: HWPSIRT-2016-09080)
This vulnerability has been assigned a CVE ID: CVE-2016-6305
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. (Vulnerability ID: HWPSIRT-2016-09081)
This vulnerability has been assigned a CVE ID: CVE-2016-2183
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09082)
This vulnerability has been assigned a CVE ID: CVE-2016-6303
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. (Vulnerability ID: HWPSIRT-2016-09083)
This vulnerability has been assigned a CVE ID: CVE-2016-6302
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09084)
This vulnerability has been assigned a CVE ID: CVE-2016-2182
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service via a crafted time-stamp file that is mishandled by the "openssl ts" command. (Vulnerability ID: HWPSIRT-2016-09085)
This vulnerability has been assigned a CVE ID: CVE-2016-2180
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09086)
This vulnerability has been assigned a CVE ID: CVE-2016-2177
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. (Vulnerability ID: HWPSIRT-2016-09087)
This vulnerability has been assigned a CVE ID: CVE-2016-2178
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service by maintaining many crafted DTLS sessions simultaneously. (Vulnerability ID: HWPSIRT-2016-09088)
This vulnerability has been assigned a CVE ID: CVE-2016-2179
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 exist a vulnerability, which allows remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09089)
This vulnerability has been assigned a CVE ID: CVE-2016-2181
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service via crafted certificate operations. (Vulnerability ID: HWPSIRT-2016-09090)
This vulnerability has been assigned a CVE ID: CVE-2016-6306
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service via crafted TLS messages. (Vulnerability ID: HWPSIRT-2016-09091)
This vulnerability has been assigned a CVE ID: CVE-2016-6307
Statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service via crafted DTLS messages. (Vulnerability ID: HWPSIRT-2016-09092)
This vulnerability has been assigned a CVE ID: CVE-2016-6308
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
|
Product Name |
Affected Version |
Resolved Product and Version |
|
AC6005 |
V200R005C10 |
Upgrade to V2R7C10 |
|
AC6605 |
V200R005C00 |
Upgrade to V2R7C10 |
|
V200R005C10 |
||
|
AP5010SN-GN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP5030DN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP5130DN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP6010SN-GN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP6310SN-GN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP6510DN-AGN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP6610DN-AGN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP7030DE |
V200R005C10 |
Upgrade to V200R007C10 |
|
V200R005C20 |
||
|
AP7110DN-AGN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP7110SN-GN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP8030DN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP8130DN |
V200R005C10 |
Upgrade to V200R007C10 |
|
AP9330DN |
V200R005C20 |
Upgrade to V200R007C10 |
|
AR3200 |
V200R008C10 |
Upgrade to V200R008C50 |
|
V200R008C20 |
||
|
DP300 |
V500R002C00 |
V500R002C00SPC800 |
|
E6000 |
V100R002C03 |
V100R001C00SPC505 |
|
FusionManager |
V100R005C00 |
Upgrade to V100R006C00 |
|
IPC6112-D |
V100R001C10 |
V100R001C10SPC305 |
|
IPC6611-Z30-I |
V100R001C00 |
V100R001C00SPC305 |
|
OceanStor 9000 |
V100R001C01 |
Upgrade to V300R005C00SPC170 |
|
V100R001C30 |
||
|
V300R005C00 |
V300R005C00SPC170 |
|
|
OceanStor Backup Software |
V100R002C00 |
Upgrade to OceanStor BCManager V200R001C00SPC202 eBackup |
|
OceanStor UDS |
V100R002C00LVDF01 |
Upgrade to OceanStor UDS VFusionStorage Object V100R002C01SPC112 |
|
V1R2C01LHWS01RC3 |
V1R2C01LHWS02U1SPC5 |
|
|
V1R2C01LHWS01RC6 |
||
|
RH5885 V2 |
V100R001C01 |
Upgrade to V100R001C02SPC303 |
|
V100R001C02 |
V100R001C02SPC303 |
|
|
RH5885 V3 |
V100R003C01 |
V100R003C01SPC120 |
|
V100R003C10 |
||
|
RSE6500 |
V500R002C00 |
V500R002C00SPCa00 |
|
SMSC |
V300R002C90LG0005 |
VAS Cloud Component V100R002C00 |
|
SeMG9811 |
V300R001C01 |
V300R001C01SPHa02 |
|
TE30 |
V100R001C02B053SP02 |
Upgrade to TE60 V600R006C00SPC200 |
|
V100R001C02B053SP03 |
||
|
V100R001C02SPC100 |
||
|
V100R001C02SPC100B011 |
||
|
V100R001C02SPC100B012 |
||
|
V100R001C02SPC100B013 |
||
|
V100R001C02SPC100B014 |
||
|
V100R001C02SPC100B015 |
||
|
V100R001C02SPC100B016 |
||
|
V100R001C02SPC100T |
||
|
V100R001C02SPC100TB010 |
||
|
V100R001C02SPC101T |
||
|
V100R001C02SPC101TB010 |
||
|
V100R001C02SPC102T |
||
|
V100R001C02SPC102TB010 |
||
|
V100R001C02SPC103T |
||
|
V100R001C02SPC103TB010 |
||
|
V100R001C02SPC200 |
||
|
V100R001C02SPC200B010 |
||
|
V100R001C02SPC200B011 |
||
|
V100R001C02SPC200T |
||
|
V100R001C02SPC200TB010 |
||
|
V100R001C02SPC201TB010 |
||
|
V100R001C02SPC202T |
||
|
V100R001C02SPC202TB010 |
||
|
V100R001C02SPC203T |
||
|
V100R001C02SPC300B010 |
||
|
V100R001C10 |
||
|
V100R001C10SPC100 |
||
|
V100R001C10SPC200B010 |
||
|
V100R001C10SPC300 |
||
|
V100R001C10SPC500 |
||
|
V100R001C10SPC600 |
||
|
V100R001C10SPC700B010 |
||
|
V100R001C10SPC800 |
||
|
V500R002C00SPC200 |
||
|
V500R002C00SPC500 |
||
|
V500R002C00SPC600 |
||
|
V500R002C00SPC700 |
||
|
TE40 |
V500R002C00SPC600 |
TP3206 V100R002C00SPC700 |
|
V500R002C00SPC700 |
||
|
TE60 |
V100R001C10 |
Upgrade to V500R002C00SPC900 |
|
V500R002C00 |
V500R002C00SPC900 |
|
|
USG9520 |
V200R001C01 |
Upgrade to V300R001C01SPHa02 |
|
V300R001C01 |
V300R001C01SPHa02 |
|
|
V300R001C20 |
||
|
USG9560 |
V200R001C01 |
Upgrade to V300R001C01SPHa02 |
|
V300R001C01 |
V300R001C01SPHa02 |
|
|
V300R001C20 |
||
|
USG9580 |
V200R001C01 |
Upgrade to V300R001C01SPHa02 |
|
V300R001C01 |
V300R001C01SPHa02 |
|
|
V300R001C20 |
||
|
VCM |
V100R001C10 |
Upgrade to VCM5020 V100R002C50SPC100 |
|
V100R001C10SPC001 |
||
|
V100R001C10SPC002 |
||
|
V100R001C10SPC003 |
||
|
V100R001C10SPC004 |
||
|
V100R001C10SPC005 |
||
|
V100R001C10SPC006 |
||
|
V100R001C20 |
||
|
ViewPoint 9030 |
V100R011C02SPC100 |
Upgrade to V100R011C03SPC500 |
|
V100R011C02SPC100B010 |
||
|
V100R011C03B012SP15 |
V100R011C03SPC500 |
|
|
V100R011C03B012SP16 |
||
|
V100R011C03B015SP03 |
||
|
V100R011C03LGWL01SPC100 |
||
|
V100R011C03LGWL01SPC100B012 |
||
|
V100R011C03LGWL02SPC100T |
||
|
V100R011C03SPC100 |
||
|
V100R011C03SPC100B010 |
||
|
V100R011C03SPC100B011 |
||
|
V100R011C03SPC100B012 |
||
|
V100R011C03SPC100T |
||
|
V100R011C03SPC200 |
||
|
V100R011C03SPC200T |
||
|
V100R011C03SPC300 |
||
|
V100R011C03SPC400 |
||
|
eAPP610 |
V100R003C00 |
eAPP610_TD V100R003C00SPC540 |
|
eLog |
V200R005C00 |
V200R005C00SPC200 |
|
eSpace 7910 |
V200R003C00 |
V200R003C00SPCh00 |
|
eSpace 7950 |
V200R003C00SPCf00 |
eSpace 7910 V200R003C00SPCk00 |
|
V200R003C30 |
eSpace 7910 V200R003C30SPC100 |
|
|
eSpace 8950 |
V200R003C00 |
V200R003C00SPCh00 |
|
eSpace IAD |
V300R002C01SPCb00 |
V300R002C01SPCm00 |
|
eSpace U1981 |
V200R003C30 |
V200R003C30SPC200 |
|
eSpace USM |
V100R001C10SPC105 |
Upgrade to Unified Session Manager V600R006C00SPC100 |
|
V300R001C00 |
||
|
eSpace VCN3000 |
V100R002C00SPC100 |
Upgrade to VCN3020 V100R002C50SPC100 |
|
V100R002C00SPC108 |
||
|
V100R002C00SPC109 |
||
|
V100R002C10B026 |
||
|
V100R002C10SPC001 |
||
|
V100R002C10SPC100 |
||
|
V100R002C10SPC100T |
||
|
V100R002C10SPC101 |
||
|
V100R002C10SPC101T |
||
|
V100R002C10SPC102 |
||
|
V100R002C10SPC102T |
||
|
V100R002C10SPC102TB011 |
||
|
V100R002C10SPC103 |
||
|
V100R002C10SPC103T |
||
|
V100R002C10SPC105T |
||
|
V100R002C10SPC106 |
||
|
V100R002C10SPC107 |
||
|
V100R002C10SPC107_B1253000 |
||
|
V100R002C10SPC108 |
||
|
V100R002C20B022 |
||
|
V100R002C20SPC001B012 |
||
|
V100R002C20SPC001T |
||
|
V100R002C20SPC100 |
||
|
V100R002C20SPC200 |
||
|
V100R002C20SPC201 |
||
|
V100R002C20SPC201T |
||
|
V100R002C20SPC201TB012 |
||
|
iBMC |
V100R002C10 |
Upgrade to V200R002C20SPC110 |
|
V100R002C30 |
||
|
V200R002C20 |
V200R002C20SPC110 |
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6309
HWPSIRT-2016-09078:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7052
HWPSIRT-2016-09079:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6304
HWPSIRT-2016-09080:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6305
HWPSIRT-2016-09081:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183
HWPSIRT-2016-09082:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303
HWPSIRT-2016-09083:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
HWPSIRT-2016-09084:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
HWPSIRT-2016-09085:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
HWPSIRT-2016-09086:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
HWPSIRT-2016-09087:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
HWPSIRT-2016-09088:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
HWPSIRT-2016-09089:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
HWPSIRT-2016-09090:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6306
HWPSIRT-2016-09091:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6307
HWPSIRT-2016-09092:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6308
HWPSIRT-2016-09065:
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:O/RC:C)
HWPSIRT-2016-09078:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09079:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09080:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09081:
Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Temporal Score: 4.9 (E:F/RL:O/RC:C)
HWPSIRT-2016-09082:
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:O/RC:C)
HWPSIRT-2016-09083:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09084:
Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 9.1 (E:F/RL:O/RC:C)
HWPSIRT-2016-09085:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09086:
Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 5.5 (E:F/RL:O/RC:C)
HWPSIRT-2016-09087:
Base Score: 5.7 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Temporal Score: 5.3 (E:F/RL:O/RC:C)
HWPSIRT-2016-09088:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09089:
Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 7.0 (E:F/RL:O/RC:C)
HWPSIRT-2016-09090:
Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 5.5 (E:F/RL:O/RC:C)
HWPSIRT-2016-09091:
Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 5.5 (E:F/RL:O/RC:C)
HWPSIRT-2016-09092:
Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Temporal Score: 5.5 (E:F/RL:O/RC:C)
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6309
HWPSIRT-2016-09078:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7052
HWPSIRT-2016-09079:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6304
HWPSIRT-2016-09080:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6305
HWPSIRT-2016-09081:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2183
HWPSIRT-2016-09082:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6303
HWPSIRT-2016-09083:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6302
HWPSIRT-2016-09084:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2182
HWPSIRT-2016-09085:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2180
HWPSIRT-2016-09086:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177
HWPSIRT-2016-09087:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2178
HWPSIRT-2016-09088:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2179
HWPSIRT-2016-09089:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2181
HWPSIRT-2016-09090:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6306
HWPSIRT-2016-09091:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6307
HWPSIRT-2016-09092:
For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6308
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
2018-07-04 V1.3 UPDATED Updated the "Software Versions and Fixes" section;
2018-04-18 V1.2 UPDATED Updated the "Software Versions and Fixes" section;
2017-09-20 V1.1 UPDATED Updated the "Software Versions and Fixes" section;
2017-03-22 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
