Security Notice - Statement on Qualys Revealing the glibc Buffer Overflow Vulnerability
- Initial Release Date: Jan 29, 2015
- Last Release Date: Dec 15, 2015
Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library (glibc) on January 27th, 2015, Applications call various gethostbyname function are affected and attackers can exploit this vulnerability to perform remote code execution. Huawei immediately launched a thorough investigation.
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-0235.
The investigation has been completed partially and it is confirmed that some Huawei products are affected.
Huawei has released a security advisory (SA) and workarounds. Customers can ask for support from local Huawei technical support services if necessary. The SA link is:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-415364.htm
The following Huawei products Confirmed Vulnerable:
|
Product name |
Affected version |
|
AR510 |
AR510 V200R005C30 |
|
AR3200 |
AR3200 V200R005C30 |
|
BH620 |
iMana software V2.26 and earlier versions |
|
BH620 V2 |
iMana software V7.05 and earlier versions |
|
BH621 V2 |
|
|
BH622 V2 |
|
|
BH640 V2 |
|
|
Campus Controller |
Campus Controller V100R001C00 |
|
iMana software V6.05 and earlier versions |
|
|
CH121 V3 |
iBMC software V1.27and earlier versions |
|
CH140 |
iMana software V6.05 and earlier versions |
|
CH220 |
iMana software V6.05 and earlier versions |
|
CH221 |
iMana software V6.05 and earlier versions |
|
CH222 |
iMana software V6.05 and earlier versions |
|
CH222 V3 |
iBMC software V1.28 and earlier versions |
|
CH240 |
iMana software V6.05 and earlier versions |
|
CH242 |
iMana software V6.05 and earlier versions |
|
CH242 V3 |
iBMC software V6.05 and earlier versions |
|
CloudEngine 12800 |
CloudEngine 12800 V100R003C00 |
|
CloudEngine 12800 V100R003C10 |
|
|
CloudEngine 5800 |
CloudEngine 5800V100R003C00 |
|
CloudEngine 5800V100R003C10 |
|
|
CloudEngine 6800 |
CloudEngine 6800V100R003C00 |
|
CloudEngine 6800V100R003C10 |
|
|
CloudEngine 7800 |
CloudEngine 7800V100R003C00 |
|
CloudEngine 7800V100R003C10 |
|
|
DC |
DC V100R002 |
|
DH310 V2 |
iMana software V7.05 and earlier versions |
|
DH320 V2 |
|
|
DH321 V2 |
|
|
DH620 V2 |
|
|
DH621 V2 |
|
|
DH628 V2 |
|
|
E6000 Chassis |
MM software V5.20 and earlier versions |
|
E9000 Chassis |
MM software V3.05 and earlier versions |
|
eLog |
eLog V100R003C01 |
|
eLog V200R003C10 |
|
|
eLWP |
eLWP V100R001C20 |
|
eSight Network |
eSight Network V200R003C01 |
|
eSight Network V200R003C10 |
|
|
eSight Network V200R005C00 |
|
|
eSight Server |
eSight Server MGMT V100R001C00 |
|
eSight Server V300R002C00 |
|
|
eSight Server V300R003C00 |
|
|
eSight UC&C |
eSight UC&C V100R001C01 |
|
eSight UC&C V100R001C20 |
|
|
eSpace 7910 |
eSpace 7910 V100R001C01 |
|
eSpace 7910 V100R001C50 |
|
|
eSpace 7910 V200R002C00 |
|
|
eSpace 7910 V200R003C00 |
|
|
eSpace 7950 |
eSpace 7950 V100R001C01 |
|
eSpace 7950 V100R001C02 |
|
|
eSpace 7950 V100R001C30 |
|
|
eSpace 7950 V100R001C50 |
|
|
eSpace 7950 V200R002C00 |
|
|
eSpace 7950 V200R003C00 |
|
|
eSpace CAD |
eSpace CAD V100R001 |
|
eSpace CC |
eSpace CC V100R001 |
|
eSpace CC V200R001 |
|
|
eSpace DCM |
eSpace DCM V100R001 |
|
eSpace EMS |
eSpace EMS V200R001C03 |
|
eSpace IPC |
eSpace IPC V100R001C11 |
|
eSpace IPC V100R001C21 |
|
|
eSpace IVS |
eSpace IVS V100R001 |
|
eSpace Meeting |
eSpace Meeting V100R001 |
|
eSpace U2980 |
eSpace U2980 V100R001 |
|
eSpace U2990 |
eSpace U2990 V200R001 |
|
eSpace UC |
eSpace UC V100R002 |
|
eSpace UC V200R001 |
|
|
eSpace UC V200R002 |
|
|
eSapce USM |
eSapce USM V100R001 |
|
eSapce UMS |
eSapce UMS V200R002 |
|
eSpace VTM |
eSpace VTM V100R001 |
|
eSpace VTM V100R002 |
|
|
FusionAccess |
FusionAccess V100R005C10 |
|
FusionAccess V100R005C20 |
|
|
FusionAdaptor |
FusionAdaptor V1.2.00.100 |
|
FusionCompute |
FusionCompute V100R002C02 |
|
FusionCompute V100R003C00 |
|
|
FusionCompute V100R003C10 |
|
|
FusionCompute V100R005C00 |
|
|
FusionCloud Desktop Solution |
FusionCloud Desktop Solution V100R005C20 |
|
FusionManager |
FusionManager V100R003C00 |
|
FusionManager V100R003C10 |
|
|
FusionManager V100R005C00 |
|
|
FusionManager V100R005C10 |
|
|
FusionStorage DSware |
FusionStorage DSware V100R003C00 |
|
FusionStorage DSware V100R003C02 |
|
|
GalaX8800 |
GalaX8800 V100R002C01 |
|
IPC6112-D |
IPC6112-D V100R001C10 |
|
IPC6122-D |
IPC6122-D V100R001C10 |
|
IPC6221-VRZ |
IPC6221-VRZ V100R001C00 |
|
L2800 |
L2800 V100R001C00 |
|
ManageOne |
ManageOne V100R001C01 |
|
N8500 (HyperDP) |
N8500 V200R001C09 |
|
N8500 V200R001C91 |
|
|
NVS |
NVS V100R002 |
|
OceanStor 9000 |
OceanStor 9000 V100R001C01 |
|
OceanStor 9000 V100R001C10 |
|
|
OceanStor 9000E |
OceanStor 9000E V100R001C01 |
|
OceanStor 9000E V100R002C00 |
|
|
OceanStor 9000E V100R002C19 |
|
|
OceanStor Backup Software |
OceanStor Backup Software V100R001C00 |
|
OceanStor CSE |
OceanStor CSE V100R003C00 |
|
OceanStor CSE V100R002C00 |
|
|
OceanStor CSE V100R001C01 |
|
|
OceanStor Replication Director |
OceanStor ReplicationDirector V100R002C00 |
|
OceanStor HDP3500E |
OceanStor HDP3500E V100R002C00 |
|
OceanStor HDP3500E V100R003C00 |
|
|
OceanStor UDS |
OceanStor UDS V100R002C00 |
|
OceanStor UDS V100R002C01 |
|
|
OceanStor VTL6900 |
OceanStor VTL6000 V100R003C01 |
|
OceanStor VTL6000 V100R003C02 |
|
|
OceanStor VTL6900 V100R005C00 |
|
|
OceanStor VTL6900 V100R005C10 |
|
|
OMM Solution |
OMM Solution V100R001C00 |
|
RH1285 |
iMana software V2.28 and earlier versions |
|
RH2285 |
iMana software V2.25 and earlier versions |
|
RH1288 V2 |
iMana software V7.05 and earlier versions |
|
RH2265 V2 |
|
|
RH2285 V2 |
|
|
RH2265H V2 |
|
|
RH2285H V2 |
|
|
RH2268 V2 |
|
|
RH2288 V2 |
|
|
RH2288H V2 |
|
|
RH2288E V2 |
|
|
RH2485 V2 |
|
|
RH5885 V2 |
iMana software V5.50 and earlier versions |
|
RH5885 V3 |
iMana software V7.05 and earlier versions |
|
RH5885H V3 |
iMana software V7.05 and earlier versions |
|
RH1288 V3 |
iBMC software V1.28 and earlier versions |
|
RH2288 V3 |
|
|
RH2288H V3 |
|
|
RH1288A V2 |
|
|
RH2288A V2 |
|
|
RH8100 V3 |
|
|
RSE6500 |
RSE6500 V100R001C00 |
|
SAP HANA Appliance |
SAP HANA Appliance V100R001C00 |
|
Tecal XH310 V2 |
Tecal XH310 V2 V100R001C00SPC100 |
|
Tecal XH311 V2 |
Tecal XH311 V2 V100R001C00 |
|
Tecal XH320 V2 |
Tecal XH320 V2 V100R001C00 |
|
Tecal XH321 V2 |
Tecal XH321 V2 V100R002C00 |
|
Tecal XH621 V2 |
Tecal XH621 V2 V100R001C00 |
|
UltraVR |
UltraVR V100R003C00 |
|
V1300N |
V1300N V100R002 |
|
VAE |
V100R001 |
|
VTL3500 |
VTL3500 V100R002C01 |
|
XH310 |
iBMC software V2.12 and earlier versions |
|
XH320 |
iMana software V2.05 and earlier versions |
|
XH620 |
iMana software V2.17 and earlier versions |
|
XH310 V2 |
iMana software V7.05 and earlier versions |
|
XH311 V2 |
|
|
XH320 V2 |
|
|
XH321 V2 |
|
|
XH621 V2 |
|
|
XH628 V3 |
iBMC software V1.28 and earlier versions |
|
MM810 V3 |
The following Huawei products Confirmed Not Vulnerable:
|
Product Name |
|
AC6005 |
|
AC6605 |
|
ACU2 |
|
AP2010DN |
|
AP3010DN-AGN |
|
AP3010DN-AGN-FAT |
|
AP5010DN-AGN |
|
AP5010DN-AGN-FAT |
|
AP5010SN-GN |
|
AP5010SN-GN-FAT |
|
AP5030DN |
|
AP5030DN-FAT |
|
AP5130DN |
|
AP5130DN-FAT |
|
AP6010DN-AGN |
|
AP6010DN-AGN-FAT |
|
AP6010SN-GN |
|
AP6010SN-GN-FAT |
|
AP6310SN-GN |
|
AP6510DN-AGN |
|
AP6510DN-AGN-FAT |
|
AP6610DN-AGN |
|
AP6610DN-AGN-FAT |
|
AP7030DE |
|
AP7110DN-AGN |
|
AP7110DN-AGN-FAT |
|
AP7110SN-GN |
|
AP8030DN |
|
AP8030DN-FAT |
|
AP8130DN |
|
AP8130DN-FAT |
|
AP9130DN-FAT |
|
AP9330DN |
|
APP SERVER |
|
AR-UMS |
|
AT815SN |
|
Carrier DC Server |
|
Data Center OutSourcing |
|
DC Server |
|
EDC Outsourcing |
|
EDC Solution |
|
eSpace 7903X |
|
eSpace 8850 |
|
eSpace 8950 |
|
eSDK OceanStor |
|
eSpace Audio Recorder |
|
eSpace EGW1500E |
|
Eudemon8000E-X8 |
|
FusionCloud Server |
|
FusionCloud Server II |
|
FusionServer 9032 |
|
FusionServer Tools |
|
HMM |
|
iBMC |
|
iCE |
|
IDC Outsourcing |
|
infracontrol plug-in |
|
IPC6125-WDL |
|
IPC6523-Z22-I |
|
IPC6611-Z30-I |
|
IPC6621-Z30-I |
|
iSOC 9000 |
|
MicroDC |
|
MIP550 |
|
MX8910 |
|
NAG3050 |
|
OceanStor 18500 |
|
OceanStor 18800 |
|
OceanStor 18800F |
|
OceanStor 6900 V3 |
|
OceanStor HVS85T |
|
OceanStor HVS88T |
|
OceanStor InfraControl |
|
OceanStor S2600T |
|
OceanStor S5500T |
|
OceanStor S5600T |
|
OceanStor S5800T |
|
OceanStor S6800T |
|
OceanStor Toolkit |
|
OSCA |
|
Policy Center |
|
POMU |
|
PowerCache-Ram-Based SSD |
|
Rainbow |
|
RH2288 V3 |
|
RH2488 V2 |
|
S1700 |
|
S2700 |
|
S5700 |
|
S5720HI |
|
S7700 |
|
S9300 |
|
S9700 |
|
S12700 |
|
Secospace AntiDDoS8030 |
|
Secospace USG6600 |
|
Shared DR Solution. |
|
SmartCDN |
|
Tecal Tecal RH1120_Inactive |
|
TeleClassroom |
|
UltraPath |
|
USG5500 |
|
USG9560 |
|
VDesktop6000 |
|
VP9660 |
|
WA603SN |
|
WA653SN |
|
WLAN AP |
|
X6800 |
|
X8000 |
|
X8000 Rack |
|
XH320 |
|
XH620 |
|
Huawei Mobile smartphones |
|
Huawei MBB products |
2015-12-15 V2.2 FINAL
2015-03-16 V2.1 UPDATED updated list of affected products
2015-03-12 V2.0 UPDATED updated list of affected products
2015-03-02 V1.9 UPDATED updated list of affected products
2015-02-26 V1.8 UPDATED updated list of affected products and add SA link
2015-02-13 V1.7 UPDATED updated list of affected products
2015-02-10 V1.6 UPDATED updated list of affected products
2015-02-06 V1.5 UPDATED updated list of affected products
2015-02-04 V1.4 UPDATED updated list of affected products
2015-02-02 V1.3 UPDATED updated list of affected products
2015-01-31 V1.2 UPDATED updated list of affected products
2015-01-30 V1.1 UPDATED updated list of affected products
2015-01-29 V1.0 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.
