ESB-2014.0762 - [Appliance] Huawei products: Access privileged data - Remote/unauthenticated

Date: 20 May 2014
References: ESB-2014.0457  ESB-2014.0458.2  ESB-2014.0461  ASB-2014.0054  ASB-2014.0059  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0762
        Security Advisory-OpenSSL Heartbeat Extension vulnerability
               (Heartbleed bug) on Huawei multiple products
                                20 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Huawei products
Publisher:         Huawei
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0160  

Reference:         ASB-2014.0059
                   ASB-2014.0054
                   ESB-2014.0461
                   ESB-2014.0458.2
                   ESB-2014.0457

Original Bulletin: 
   http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug) on
Huawei multiple products

SA No: Huawei-SA-20140417-Heartbleed

Initial Release Date: 04-17-2014

Last Release Date: 05-15-2014

Summary

Some OpenSSL versions used in multiple Huawei products are affected by the
following OpenSSL vulnerability. An unauthenticated remote attacker can read up
to 64 Kbytes of memory from the connected server or client with each malformed
heartbeat request, and can repeat the request to read further memory. The
leaked memory may contain sensitive information, such as passwords and private
keys (Vulnerability ID: HWPSIRT-2014-0414).

This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE)
ID CVE-2014-0160.

Impact

The impact of this vulnerability varies by product. An attacker may exploit it
to dump a bounded slice of device memory on each request; the leaked memory may
contain sensitive information, such as passwords and private keys.

Vulnerability Scoring Details

The vulnerability classification has been performed by using the CVSSv2 
scoring system (http://www.first.org/cvss/).

Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Temporal Score: 3.9 (E:P/RL:O/RC:C)

Technical Details

1. Prerequisite:

This vulnerability can be exploited only when the following condition is
present:

The attacker is able to access the affected device locally or remotely. Because
heartbeat records are exchanged inside an established TLS connection, this
means reaching a TLS service on the device, or getting a client on the device
to connect to a server the attacker controls.

2. Vulnerability details:

The vulnerability is a missing memory bounds check in OpenSSL's handling of
TLS heartbeat records (the Heartbeat Extension, RFC 6520): the peer-supplied
payload length in a heartbeat request is never compared with the length of the
record actually received, so OpenSSL copies that many bytes from process memory
into the heartbeat response. An attacker triggers the vulnerability by sending
a malformed TLS heartbeat packet to the server. An attacker who impersonates a
server can likewise send malicious heartbeat packets to a client that connects
to it. Each malicious heartbeat packet the attacker sends returns a further
slice of memory, of up to 64 Kbytes, which may contain sensitive information
such as passwords and private keys.
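The missing bounds check described above, as an added example that is not part of Huawei's advisory and is not OpenSSL's source: a small C model of the tls1_process_heartbeat() logic, with the vulnerable handler and the check that OpenSSL 1.0.1g added side by side. The memory arena, the secret string and the record bytes are constructed for the demonstration, and the names build_record(), probe() and leaks_secret() are illustrative helpers, not OpenSSL APIs.

```c
/* Added example; not code from Huawei or from this advisory. Models the
 * OpenSSL 1.0.1 heartbeat handler (CVE-2014-0160 pattern) beside the fixed
 * one. Record layout follows RFC 6520: type (1 byte), payload_length
 * (2 bytes, big-endian), payload, then at least 16 bytes of padding.
 * The arena, the secret and the record contents are constructed here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16
/* Sized so any 16-bit length stays inside the arena: the model itself never
 * faults, while the vulnerable handler still performs no check of its own. */
#define ARENA_SIZE       (1 + 2 + 65535 + 1)
#define RESP_MAX         (1 + 2 + 65535 + HB_PADDING)

/* Simulated process memory: the received record sits at offset 0 and stale
 * data left by the allocator (here a constructed secret) follows it. */
static unsigned char arena[ARENA_SIZE];
static unsigned char response[RESP_MAX];
static const char secret[] = "SECRET:admin-password=hunter2";

/* Places a heartbeat request in the arena. claimed_len goes into the
 * attacker-controlled payload_length field; actual_payload is how many
 * payload bytes were really sent. Returns the true record length, i.e. what
 * the TLS record layer reports as rrec.length, or 0 on bad arguments. */
size_t build_record(uint16_t claimed_len, size_t actual_payload) {
    size_t rrec_length = 1 + 2 + actual_payload + HB_PADDING;
    if (rrec_length + sizeof secret > ARENA_SIZE) return 0;
    memset(arena, 0, sizeof arena);
    arena[0] = TLS1_HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memset(arena + 3, 'A', actual_payload);
    memcpy(arena + rrec_length, secret, sizeof secret);  /* stale data after the record */
    return rrec_length;
}

/* Echoes 'payload' bytes from p into out. OpenSSL fills the padding with
 * random bytes; zeros are enough for the model. out holds RESP_MAX bytes. */
static size_t build_response(const unsigned char *p, unsigned payload, unsigned char *out) {
    out[0] = TLS1_HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, p, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return 1 + 2 + payload + HB_PADDING;
}

/* Vulnerable handler: trusts the peer-supplied payload_length and never
 * compares it with rrec_length, so the memcpy reads past the record end. */
size_t heartbeat_vulnerable(const unsigned char *rec, size_t rrec_length, unsigned char *out) {
    const unsigned char *p = rec;
    unsigned hbtype = *p++;
    unsigned payload = (unsigned)(p[0] << 8) | p[1];   /* n2s(p, payload) */
    p += 2;
    (void)rrec_length;                                  /* never consulted: the bug */
    if (hbtype != TLS1_HB_REQUEST) return 0;
    return build_response(p, payload, out);
}

/* Hardened handler: the two bounds checks OpenSSL 1.0.1g added. A record
 * whose claimed length does not fit in what was received is silently dropped. */
size_t heartbeat_fixed(const unsigned char *rec, size_t rrec_length, unsigned char *out) {
    if (1 + 2 + HB_PADDING > rrec_length) return 0;     /* too short for header + padding */
    const unsigned char *p = rec;
    unsigned hbtype = *p++;
    unsigned payload = (unsigned)(p[0] << 8) | p[1];
    p += 2;
    if (1 + 2 + payload + HB_PADDING > rrec_length) return 0;   /* the Heartbleed check */
    if (hbtype != TLS1_HB_REQUEST) return 0;
    return build_response(p, payload, out);
}

/* True if needle occurs anywhere in buf[0..len) (memmem is not portable). */
int contains(const unsigned char *buf, size_t len, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* Feeds a constructed record to handler; returns the response length (0 = dropped). */
size_t probe(size_t (*handler)(const unsigned char *, size_t, unsigned char *),
             uint16_t claimed_len, size_t actual_payload) {
    size_t rrec_length = build_record(claimed_len, actual_payload);
    if (rrec_length == 0) return 0;
    return handler(arena, rrec_length, response);
}

/* 1 if the handler's response carries the secret that sat after the record. */
int leaks_secret(size_t (*handler)(const unsigned char *, size_t, unsigned char *),
                 uint16_t claimed_len, size_t actual_payload) {
    size_t n = probe(handler, claimed_len, actual_payload);
    return contains(response, n, "SECRET:");
}

int main(void) {
    printf("vulnerable, honest request : leak=%d\n", leaks_secret(heartbeat_vulnerable, 4, 4));
    printf("vulnerable, claims 64      : leak=%d\n", leaks_secret(heartbeat_vulnerable, 64, 4));
    printf("vulnerable, claims 65535   : leak=%d\n", leaks_secret(heartbeat_vulnerable, 65535, 4));
    printf("fixed,      claims 65535   : leak=%d\n", leaks_secret(heartbeat_fixed, 65535, 4));
    return 0;
}
```

The honest request (claimed length equal to the bytes sent) is answered identically by both handlers, which is why the fix could be applied without any protocol change; only a request whose claimed length exceeds the received record is dropped. The leak is bounded by the 16-bit length field, hence the 64 Kbyte figure in the advisory, and nothing stops the peer repeating the request.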

Temporary Fix

None

Software Versions and Fixes

Product Name		Affected Version	Fixed Version/Patch

AHR			V100R003C00SPC350 and	V100R003C00SPC360
			later versions

BCM			BCM V300R003C01		V300R003C30LG0106SPC002
			BCM V300R003C30		V300R003C50SPC020

Billing V5R5		CBS V500R005C21		BCM 
						V300R003C30LG0106SPC002
						BCM 
						V300R003C50SPC020

CBS			CBS V300R003C01		BICP V100R001C50LS0002
			CBS V100R002C02		BCM V300R003C30LG0106SPC002
						BCM V300R003C50SPC020

CCE3.0			CCE V100R003C00		V100R003C00CP1301

CPS			CPS V100R001C10		BICP V100R001C50LS0002
			CPS V100R001C20		BCM V300R003C30LG0106SPC002
						BCM V300R003C50SPC020

CRM			CC&BM V100R002C61	BICP V100R001C50LS0002
			CC&BM V100R002C62
			CC&BM V100R002C72
			Wimax BOSS V100R001C01

CSP			V600R005C10		V600R003C90LG1032
			V600R005C11SPC100
	
CTI			V300R005C50		V300R005C50SPC011
			V300R006C30
	
DWH			V100R002C10		BICP V100R001C50LS0002
			V100R002C30
	
eBIMS			V100R001C00SPC100	V100R001C00SPC200

ECC500			V600R001C00		V600R001C00SPC100

EDC Solution		V100R001C01		Tecal E6000 Chassis V100R001C00SPC111
						Tecal BH622 V2 V100R002C00SPC108
						Tecal BH640 V2 V100R002C00SPC107

eLTE Broadband Access	eSight V300R001C10	V300R001C10CP2004
			eCNS600 V100R001C00	V100R002C00SPC300
			eCNS600 V100R002C00	V100R002C00SPC300

eSDK Solution		V100R002C01		eSDK IVS V100R003C10SPC100
						eSDK UC V100R003C10SPC001

eSight			V200R003C00		V200R003C01SPC204
			V200R003C01		V200R003C01SPC204
			V200R003C10

eSight UC&C		V100R001C01		V100R001C20SPH303
			V100R001C02		V100R001C01SPH301
	
eSpace desktop		V200R001		V200R001C03SPC800

eSpace Meeting Portal	V100R001C00		V100R001C00SPC302

eSpace IVS		V100R001C02		V100R001C02SPC102

eSpace UC		V200R001C50		V200R001C50SPC003T

EVC3.3			EVC V300R003C02		BICP V100R001C50LS0002

FusionCloud Desktop 	V100R003C00		Tecal E9000 Chassis V100R001C00SPC160
Solution					Tecal RH2285 V2 V100R002C00SPC113
	
Fusioncube		V100R002C00		Tecal RH2288 V2 V100R002C00SPC115
			V100R002C01		Tecal E9000 Chassis V100R001C00SPC160

FusionSphere		V100R003C00		Tecal E9000 Chassis V100R001C00SPC160

HSS9860			HSS9860 V900R008C20	V900R008C20SPC508

HyperDP			OceanStor N8500 V200R001C09	V200R001C09SPC500
			OceanStor N8500 V200R001C91	V200R001C91SPC200

IDC Solution		V100R001C01		Tecal RH2288 V2 V100R002C00SPC115
						Tecal RH2285 V2 V100R002C00SPC113
						Tecal E6000 Chassis V100R001C00SPC111
						Tecal BH622 V2 V100R002C00SPC108
						Tecal BH640 V2 V100R002C00SPC107
			V100R001C03		Tecal E9000 Chassis V100R001C00SPC160
						Tecal RH2285 V2 V100R002C00SPC113
						Tecal RH2288 V2 V100R002C00SPC115
						Tecal RH2485 V2 V100R002C00SPC501
						Tecal RH5885 V2 V100R001C02SPC109
						Tecal XH310 V2 V100R001C00SPC107
						Tecal XH311 V2 V100R001C00SPC107
						Tecal XH320 V2 V100R001C00SPC109
						Tecal XH621 V2 V100R001C00SPC105
						Tecal RH1288 V2 V100R002C00SPC105
						Tecal DH310 V2 V100R001C00SPC107
						Tecal DH620 V2 V100R001C00SPC105
						Tecal DH621 V2 V100R001C00SPC105
						Tecal E6000 Chassis V100R001C00SPC111
						Tecal BH622 V2 V100R002C00SPC108
						Tecal BH640 V2 V100R002C00SPC107
						CSB Solution V100R001C01SPC101

IDS2000			V300R001C11/C12/C31/C32	ECC500 V300R001C30

iManager M2000		iManager M2000 V200R013C00SPC230
			iManager M2000 V200R013C00HP2301	V200R013C00CP2302

iManager PRS		iManager PRS V100R014C00SPC100		V100R014C00CP1501

iManager U2000		iManager U2000 V100R009C00SPC300	V100R009C00CP3002

iManager U2000-M	iManager U2000 V200R014C00SPC100
			iManager U2000 V200R014C00SPC110	V200R014C00SPC200

IMS			IMS V200R010C00		CGP V100R006C60SPC609

ISOP			V200R001C00		BICP V100R001C50LS0002

LMT of GGSN9811/ 	GGSN9811 V900R008C01	UGW9811 V900R009C01SPC300
UGW9811/ PDSN9660/ 	UGW9811 V900R001C03	UGW9811 V900R009C02SPC200
WASN9770/ HA9661	UGW9811 V900R001C05	UGW9811 V900R010C00SPC100
			UGW9811 V900R009C01	UGW9811 V900R010C01SPC200
			UGW9811 V900R009C02	UGW9811 V900R010C72SPC200
			UGW9811 V900R010C00	UGW9811 V900R010C81SPC100
			UGW9811 V900R010C01	HA9661 V900R007C06SPC300
			UGW9811 V900R010C72	PDSN9660 V900R007C06SPC200
			UGW9811 V900R010C81	WASN9770 V300R003C02SPC300
			HA9661 V900R007C06
			PDSN9660 V900R007C02
			PDSN9660 V900R007C03
			PDSN9660 V900R007C05
			PDSN9660 V900R007C06
			WASN9770 V300R003C01
			WASN9770 V300R003C02
			
Mediation		Mediation V100R002C20	BCM V300R003C30LG0106SPC002
			Mediation V100R002C30	BCM V300R003C50SPC020
	
Mobile phone Y300	Y300-0100 V100R001C00B197	In TA (technical acceptance) testing

Mobile phone G510	G510-0200 V100R001C00B193	V100R001C00B200

Mobile phone U8686	V100R001C85B177/B187	In TA (technical acceptance) testing

Mobile phone C8813	V100R001C92B173		In TA (technical acceptance) testing

MSOFTX3000		MSOFTX3000 V200R010C10	V200R010C10SPH103

Nastar			GENEX Nastar V600R014C00SPC201T	V600R014C00CP0010
			GENEX Nastar V600R014C00
	
NetCol ACC		V100R001C10/C20/C30	V100R001C10

NGIN			SNE V300R002C20		V300R002C50
			SNE V300R002C30
			SNE V300R002C40
			SNE V300R002C50

			BMP V100R002C30		V100R002C40SPC001
			BMP V100R002C40

OCS			OCS V100R002C01		BCM V300R003C30LG0106SPC002
			OCS V300R003C01		BICP V100R001C50LS0002
						BCM V300R003C50SPC020

OIC			V100R001C00SPC300	V100R001C00SPC401
			V100R001C00SPC400
	
OnlineMediation		OnlineMediation V300R003C01	ONIP SNE V300R002C50
			OnlineMediation V300R003C02	BICP V100R001C50LS0002
			OnlineMediation V300R003C21
			OnlineMediation V300R003C30

OpenEye CMS		V300R001C60SPC001	V300R001C60SPC002

PCCS			PowerCube1000 V300R002C03	V300R002C03SPC600
			PowerCube Controller Software 
			V300R002C00/C10/C20C/C30
	
PDU8000			V100R002C00		V100R002C00SPC100

Policy Center		V100R003C00		V100R003C00SPC303

PRM			PRM V300R001C08		BCM V300R003C30LG0106SPC002
			PRM V300R001C20		BCM V300R003C50SPC020
	
RCS9880			V100R002C10		V100R002C10CP0001
			V100R003C00		V100R003C00CP0001
	
SAG			V200R001C38		V200R001C38LG0005

SANEX			V100R002C00		V100R002C00SPC002

Smart Campaign		V300R003C02		BICP V100R001C50LS0002

SMU02B SMU		V300R002C02		SUM V300R002C02SPC73
			V300R002C10		SUM V300R002C20SPC74
	
SOFTX3000		V600R012C10		V600R012C10SPC203

SPS			V300R007C00		V300R007C00SPH103

STB			V100R002C15LLNL72	Terminal Middleware
			V100R002C15LSCD81	V100R001C06LCOE02SPC200
			V100R001C06LCOE01SPC200
	
Tecal E6000		V100R002		Tecal E6000 Chassis V100R001C00SPC111
						Tecal BH622 V2 V100R002C00SPC108
						Tecal BH640 V2 V100R002C00SPC107
						Tecal E6000 Chassis	V100R001C00

Tecal E9000 Chassis	V100R001		Tecal E9000 Chassis V100R001C00SPC160
						Tecal CH121 V100R001C00SPC150
						Tecal CH140 V100R001C00SPC100
						Tecal CH220 V100R001C00SPC150
						Tecal CH221 V100R001C00SPC150
						Tecal CH222 V100R002C00SPC150
						Tecal CH240 V100R001C00SPC150
						Tecal CH242 V100R001C00SPC150
						Tecal CH242 V3 V100R001C00SPC100

Tecal RH1288 V2		V100R002C00		V100R002C00SPC105

Tecal RH2285 V2		V100R002C00		V100R002C00SPC113

Tecal RH2285H V2	V100R002C00		V100R002C00SPC108

Tecal RH2288 V2		V100R002C00		V100R002C00SPC115

Tecal RH2288H V2	V100R002C00		V100R002C00SPC110

Tecal RH2485 V2		V100R002		V100R002C00SPC501

Tecal RH5885 V2		V100R001		V100R001C02SPC109
			V100R003

Tecal RH5885 V3		V100R003		V100R003C01SPC101

Tecal X6000		V100R002		Tecal XH310 V2 V100R001C00SPC107
						Tecal XH311 V2 V100R001C00SPC107
						Tecal XH320 V2 V100R001C00SPC109
						Tecal XH621 V2 V100R001C00SPC105

Tecal X8000		V100R001		Tecal DH310 V2 V100R001C00SPC107
						Tecal DH620 V2 V100R001C00SPC105
						Tecal DH621 V2 V100R001C00SPC105

WebLMT of BSC6900	BSC6900 V100R016C00	V100R016C00SPC600

WebLMT of BSC6910	BSC6910 V100R016C00	V100R016C00SPC600

WebLMT of eGBTS/NODEB/MBTS	BTS3900 V100R009C00	V100R009C00SPC100

WebLMT of eNodeb(FDD)	BTS3900 V100R009C00	V100R009C00SPC100

WebLMT of eNodeb(TDD)	BTS3900 V100R009C00	V100R009C00SPC100

WFM			V200R001C00		V200R001C00SPC131
			V100R001C01		V100R001C01SPC292

UAC3000			V100R003C00		CGP V100R006C60SPC609

UGC3200			UGC3200 V200R010C00	CGP V100R006C60SPC609

UPCC			UPCC V300R006C01	V300R006C01SPC203
			UPCC V300R006C02	V300R006C02SPC105

UPS2000			V1R1C00/C10/C11/C30/C31	V100R001C10SPC401

UPS5000			V100R001C00/C01/C10/C02	V100R002C01SPC300
			V100R002C00/C01/C02/C03	V100R001C10SPC600
			V100R002C10/C11/C12/C13

USN9810			V900R012C01		V900R012C01SPH003

VGS SCG			V500R005C30		V500R005C30LG0001

Obtaining Fixed Software

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to 
request the upgrades, or obtain them through Huawei worldwide website at 
http://support.huawei.com/support/.

For TAC contact information, please refer to the following links:

TAC for Carrier Customers:

http://support.huawei.com/support/pages/news/NewsInfoAction.do?actionFlag=view&doc_id=IN0000034614&colID=ROOTENWEB%7CCO0000000169%7CCO0000003000.

TAC for enterprise customers:

http://support.huawei.com/enterprise/NewsReadAction.action?contentId=NEWS1000000563 

TAC for Terminal Customers:

http://www.huaweidevice.com/resource/mini/201107199604/FAQ_ServiceHotline_en/index.html

http://www.huaweidevice.com/worldwide/netWorkPoint.do?method=index&directoryId=40

Exploitation and Vulnerability Source

This vulnerability was found by Codenomicon and Google security engineers.

Contact Channel for Technical Issues

For security problems with Huawei products and solutions, please contact 
PSIRT@huawei.com.

For general problems with Huawei products and solutions, please contact 
Huawei TAC (Huawei Technical Assistance Center) directly for configuration 
or technical assistance.

Revision History

2014-05-15 V3.2 UPDATED update the Software Versions and Fixes

2014-05-14 V3.1 UPDATED update the Software Versions and Fixes

2014-05-13 V3.0 UPDATED update the Software Versions and Fixes

2014-05-12 V2.9 UPDATED update the Software Versions and Fixes

2014-05-12 V2.8 UPDATED update the Software Versions and Fixes

2014-05-12 V2.7 UPDATED update the Software Versions and Fixes

2014-05-10 V2.6 UPDATED update the Software Versions and Fixes

2014-05-10 V2.5 UPDATED update the Software Versions and Fixes

2014-05-09 V2.4 UPDATED update the Software Versions and Fixes

2014-05-09 V2.3 UPDATED update the Software Versions and Fixes

2014-05-08 V2.2 UPDATED update the Software Versions and Fixes

2014-05-07 V2.1 UPDATED update the Software Versions and Fixes

2014-05-06 V2.0 UPDATED update the Software Versions and Fixes

2014-05-05 V1.9 UPDATED update the Software Versions and Fixes

2014-05-04 V1.8 UPDATED update the Software Versions and Fixes

2014-04-30 V1.7 UPDATED update the Software Versions and Fixes

2014-04-28 V1.6 UPDATED update the Software Versions and Fixes

2014-04-24 V1.5 UPDATED update the Software Versions and Fixes

2014-04-22 V1.4 UPDATED update the Software Versions and Fixes

2014-04-21 V1.3 UPDATED update the Software Versions and Fixes

2014-04-21 V1.2 UPDATED update the Software Versions and Fixes

2014-04-18 V1.1 UPDATED update the Software Versions and Fixes

2014-04-17 V1.0 INITIAL

Declaration

This document is provided on an "AS IS" basis and does not imply any kind of 
guarantee or warranty, either express or implied, including the warranties of 
merchantability or fitness for a particular purpose. In no event shall Huawei
or any of its directly or indirectly controlled subsidiaries or its suppliers
be liable for any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages. Your use of the 
document, by whatsoever means, will be totally at your own risk. Huawei is 
entitled to amend or update this document from time to time.

Huawei Security Procedures

Complete information on providing feedback on security vulnerability of Huawei 
products, getting support for Huawei security incident response services, and 
obtaining Huawei security vulnerability information, is available on Huawei's
worldwide website at http://www.huawei.com/en/security/psirt/.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----