Security Advisory-9 OpenSSL vulnerabilities on Huawei products
- SA No:Huawei-SA-20141008-OpenSSL
- Initial Release Date: Oct 08, 2014
- Last Release Date: Mar 11, 2015
This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816)
These vulnerabilities are referenced in this document as follows:
1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508
2.Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139). The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139
3.Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509). If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509
4.Double Free when processing DTLS packets (CVE-2014-3505). An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505
5.DTLS memory exhaustion (CVE-2014-3506). An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506
6.DTLS memory leak from zero-length fragments (CVE-2014-3507). By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507
7.OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510). OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510
8.OpenSSL TLS protocol downgrade attack (CVE-2014-3511). A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3511
9.SRP buffer overrun (CVE-2014-3512). A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512
The 9 vulnerabilities affect the Huawei products that use OpenSSL. Some Products have provided the fixed versions.
|
Product Name |
Affected Version |
Solved version |
|
AP5010DN-AGN |
Earlier than V200R005C10 versions |
AP5010DN-AGN V200R005C10 |
|
Basic Cloud Platform |
V100R001C01 |
V100R001C01XNFS0106012 |
|
Dorado2100 G2 |
V100R001C00B010 |
V100R001C00SPCa00 |
|
Dorado2100 |
V100R001C00B011 |
V100R001C00SPCa00 |
|
Dorado5100 |
V100R001C00B010 |
V100R001C00SPCa00 |
|
eSDK Solution |
V100R003C20 |
Upgrade to V100R003C30SPC100 |
|
eSight IT |
V200R002C00 |
V200R002C00SPC301B011 |
|
eSight Network |
V200R003C01 |
Upgrade to V200R003C10SPC205 |
|
V200R003C10 |
V200R003C10SPC205 |
|
|
eSight UC&C |
V100R001C01B010 |
V100R001C01SPC303 |
|
V100R001C20 |
V100R001C20SPC306 |
|
|
V100R002C00 |
V300R002C00SPC200 |
|
|
eSpace CAD |
V100R001C01 |
V100R001C01LHUE01SPC105 |
|
eSpace CC |
V200R001C01 |
Upgrade to V200R001C03SPC205 |
|
eSpace DCM |
V100R002C01 |
Official SUSE patch |
|
eSpace IVS |
V100R001C02SPC100 |
V100R001C02SPC121 |
|
FusionAccess |
FusionAccess V100R005C10 |
Upgrade to V100R005C20 |
|
FusionCompute |
V100R003C10SPC600 and earlier versions |
V100R003C10CP6001 |
|
HUAWEI S12700 |
Earlier than V200R006C00SPC300 versions |
V200R006C00SPC300 |
|
ManageOne |
ManageOne OC V100R002C00 ManageOne OC V100R002C10 ManageOne SC V100R002C10 ManageOne V100R001C01 ManageOne V100R001C02 |
Official SUSE Patch |
|
OceanStor S6800T |
V100R005C02 |
Upgrade to V100R005C30SPC300 |
|
V100R001C00 |
Upgrade to V100R005C30SPC300 |
|
|
V200R002C10 |
Upgrade to V200R002C20SPC100 |
|
|
V200R002C00 |
V200R002C00SPC400 |
|
|
OceanStor S2600T |
V100R005C01 |
Upgrade to V100R005C30SPC300 |
|
V200R001C00 |
Upgrade to V200R002C00SPC400 |
|
|
V100R002C00 |
Upgrade to V100R005C30SPC300 |
|
|
V200R002C10 |
Upgrade to V200R002C20SPC100 |
|
|
V200R002C00 |
V200R002C00SPC400 |
|
|
OceanStor S5500T |
V100R001C00 |
Upgrade to V100R005C30SPC300 |
|
V200R002C10 |
Upgrade to V200R002C20SPC100 |
|
|
V100R005C50 |
Upgrade to V200R002C20SPC100 |
|
|
OceanStor 18800 |
V100R001C00 |
V100R001C00SPC300 |
|
OceanStor S5600T |
Earlier than V100R005C30SPC300 versions |
V100R005C30SPC300 |
|
V200R002C10 |
Upgrade to V200R002C20SPC100 |
|
|
V200R002C00 |
V200R002C00SPC400 |
|
|
OceanStor S5800T |
V100R001C00 |
Upgrade to V100R005C30SPC300 |
|
V200R002C10 |
Upgrade to V200R002C20 |
|
|
V200R001C00 |
Upgrade to V200R002C00SPC400 |
|
|
Earlier than V200R002C00SPC400 versions |
V200R002C00SPC400 |
|
|
OceanStor 18800F |
V100R001C00 |
V100R001C00SPC300 |
|
OceanStor 18500 |
V100R001C00 |
V100R001C00SPC300 |
|
OceanStor 6800 V3 |
V300R001C00 |
V300R001C10SPC100 |
|
OceanStor N8500 |
Earlier than V200R001C09SPC500 versions |
V200R001C09SPC502 |
|
V200R001C91SPC200 |
V200R001C91SPC202 |
|
|
OceanStor HVS88T |
V100R001C00 |
V100R001C00SPC300 |
|
OceanStor HVS85T |
V100R001C00 |
V100R001C00SPC300 |
|
OceanStor S2200T |
V100R005C00 |
Upgrade to V100R005C30SPC300 |
|
OceanStor S2900 |
V100R002C01 |
Upgrade to V100R005C30SPC300 |
|
OceanStor S3900 |
V100R001C00 |
Upgrade to V100R005C30SPC300 |
|
OceanStor S5900 |
V100R001C00 |
Upgrade to V100R005C30SPC300 |
|
OceanStor S6900 |
V100R001C00 |
Upgrade to V100R005C30SPC300 |
|
OceanStor Dorado2100 |
V100R001C00 |
V100R001C00SPCa00 |
|
OceanStor Dorado2100 G2 |
V100R001C00 |
V100R001C00SPCa00 |
|
OceanStor Dorado5100 |
V100R001C00 |
V100R001C00SPCa00 |
|
OceanStor UDS |
V100R002C00 |
Upgrade to V100R002C01 SPC101 |
|
Policy Center |
V100R003C00 |
Upgrade to V100R003C10 |
|
RSE6500 |
V100R001C00 |
V100R001C00SPC200 |
|
S2200T |
Earlier than V100R005C30SPC300 versions |
V100R005C30SPC300 |
|
S2600T |
V100R005C01T |
Upgrade to V100R005C30SPC300 |
|
S3300 |
V100R006C05 |
V100R006HP0011 |
|
S7700 |
Earlier than V200R006C00SPC300 versions |
V200R006C00SPC300 |
|
SoftCo |
V100R003C01B204 |
Upgrade to V200R001C01SPC500 |
|
SmartCDN |
SmartCDN V100R001C05 |
Smart CDN V100R001C05SPC600T |
|
Tecal RH2285H |
V100R002C00 |
RH2285H V2 V100R002C00SPC112 |
|
Tecal RH2288 V2 |
V100R002C00 |
V100R002C00SPC118 |
|
Tecal RH2288E V2 |
V100R002C00 |
V100R002C00SPC102 |
|
Tecal RH2288H V2 |
V100R002C00 |
V100R002C00SPC116 |
|
Tecal RH2485 V2 |
V100R002C00 |
V100R002C00SPC503 |
|
Tecal RH5885 V2 |
V100R001C00 |
Upgrade to V100R001C02SPC200 |
|
Tecal RH5885 V3 |
V100R003C00 |
Upgrade to V100R003C01SPC106 |
|
V100R003C01 |
V100R003C01SPC106 |
|
|
Tecal RH5885H V3 |
V100R003C00 |
V100R003C00SPC105B010 |
|
TMS1000 |
Earlier than V100R005C00SPC305 versions |
V100R005C00SPC305 |
|
TSM |
TSM V100R002C01 |
Upgrade to V100R002C07SPC224 |
|
TSM V100R003C00 |
Upgrade to Policy Center V100R003C10 |
|
|
USG9560 |
Earlier than V300R001C01SPH303 verions |
USG9560 V300R001C01SPH303 |
|
USG9500 |
V200R001C01 |
Upgrade to V300R001C01SPH303 |
|
USG9300 |
USG9300 V100R003C00 |
Upgrade to USG9500 V300R001C01SPH303 |
Successful exploitation of these vulnerabilities may allow an attacker to create a denial of service condition, disclose sensitive information, or execute arbitrary code with elevated privileges.
The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).
1.CVE-2014-3508:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Temporal Score: 3.6 (E:F/RL:O/RC:C)
Overall Score: 3.6
2.CVE-2014-5139:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Temporal Score: 3.6 (E:F/RL:O/RC:C)
Overall Score: 3.6
3.CVE-2014-3509:
Base Score: 6.8(AV:N/AC:M/AU:N/C:P/I:P/A:P)
Temporal Score: 5.6 (E:F/RL:O/RC:C)
Overall Score: 5.6
4.CVE-2014-3505:
Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Temporal Score: 4.1 (E:F/RL:O/RC:C)
Overall Score: 4.1
5.CVE-2014-3506:
Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Temporal Score: 4.1 (E:F/RL:O/RC:C)
Overall Score: 4.1
6.CVE-2014-3507:
Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Temporal Score: 4.1 (E:F/RL:O/RC:C)
Overall Score: 4.1
7.CVE-2014-3510:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Temporal Score: 3.6 (E:F/RL:O/RC:C)
Overall Score: 3.6
8.CVE-2014-3511:
Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Temporal Score: 3.6 (E:F/RL:O/RC:C)
Overall Score: 3.6
9.CVE-2014-3512:
Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Temporal Score: 6.2(E:F/RL:O/RC:C)
Overall Score: 6.2
For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140806.txt
These vulnerabilities are disclosed by OpenSSL official website.
For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.
For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.
2015-03-11 V1.2 UPDATED Update the link information
2015-01-21 V1.1 UPDATED Update the affected products list
2014-10-08 V1.0 INITIAL
None
