安全预警-华为多款交换机存在Y.1731漏洞

攻击者可以构造特殊报文发送至设备处理，导致设备重启。

漏洞使用CVSSv2计分系统进行分级（http://www.first.org/cvss/）

基础得分：7.8(AV:N/AC:L/Au:N/C:N/I:N/A:C)

临时得分：6.4 (E:F/RL:O/RC:C)

1.前提条件：

以下规避措施举例仅适用于9300系列产品。其他产品没有规避措施。

关闭Y1731的统计功能，使用NQA的统计功能代替（具体步骤如下）

     1.查看是否配置Y173.1 接收功能,如果有则undo掉

[HUAWEI-md-1] display this

cfm md 1                                                                      

ma 1                                                                         

map vlan 100                                                                

mep mep-id 1 interface GigabitEthernet1/0/45 outward                        

mep ccm-send mep-id 1 enable                                                

remote-mep mep-id 2                                                          

remote-mep ccm-receive mep-id 2 enable                                      

delay-measure one-way receive                                               

delay-measure two-way receive

如果使能了Y173.1的接收功能则undo掉该功能

[HUAWEI-md1-ma1]undo delay-measure one-way receive

[HUAWEI-md1-ma1]undo delay-measure two-way receive

2.查看CFM的状态是否为up

在系统视图下使用display cfm  remote-mep md 1 ma 1 mep-id 2

[HUAWEI]disp cfm remote-mep md 1 ma 1 mep-id 1                                 

 MD Name            : 1                                                        

 Level              : 0                                                        

 MA Name            : 1                                                        

 RMEP ID            : 1                                                        

 VLAN ID            : 100                                                      

 VSI Name           : --                                                       

 L2VC ID            : --                                                        

 MAC                : 5489-98ee-98f4                                           

 CCM Receive        : enabled                                                  

 Trigger-If-Down    : disabled                                                  

 CFM Status         : up                                                       

 Alarm Status       : none                                                     

 Interface TLV      : --                                                        

 Connect Status     : up  

3.创建NQA测试例

[HUAWEI]nqa test-instance 1 1                                                          

 [HUAWEI-nqa-1-1]test-type macping                                                             

 [HUAWEI-nqa-1-1]probe-count 15                                                                

 [HUAWEI-nqa-1-1]destination-address remote-mep mep-id 2                                       

 [HUAWEI-nqa-1-1]md 1 ma 1

4.开始NQA测试

[HUAWEI-nqa-1-1]start now

5.查看测试结果

[HUAWEI-nqa-1-1]display nqa results

 NQA entry(1, 1) :testflag is active ,testtype is macping                      

  1 . Test 1 result   The test is finished                                     

   SendProbe:3                          ResponseProbe:3                        

   Completion:success                   RTD OverThresholds number:0            

   OWD OverThresholds SD number:0       OWD OverThresholds DS number:0         

   Min/Max/Avg/Sum RTT:3/4/4/11         RTT  Square Sum:41                      

   NumOfRTT:3                           Drop operation number:0                

   Operation sequence errors number:0   RTT Stats errors number:0              

   System busy operation number:0       Operation timeout number:0              

   Min Positive SD:1                    Min Positive DS:0                      

   Max Positive SD:1                    Max Positive DS:0                      

   Positive SD Number:1                 Positive DS Number:0                   

   Positive SD Sum:1                    Positive DS Sum:0                      

   Positive SD Square Sum:1             Positive DS Square Sum:0               

   Min Negative SD:0                    Min Negative DS:0                      

   Max Negative SD:0                    Max Negative DS:0                      

   Negative SD Number:0                 Negative DS Number:0                   

   Negative SD Sum:0                    Negative DS Sum:0                      

   Negative SD Square Sum:0             Negative DS Square Sum:0               

   Min Delay SD:0                       Min Delay DS:0                         

   Avg Delay SD:0                       Avg Delay DS:0                         

   Max Delay SD:0                       Max Delay DS:0                         

   Delay SD Square Sum:0                Delay DS Square Sum:0                  

   Packet Loss SD:0                     Packet Loss DS:0                       

   Packet Loss Unknown:0                Average of Jitter:1                    

   Average of Jitter SD:0               Average of Jitter DS:0                 

   jitter out value:0.0000000           jitter in value:0.0000000              

   NumberOfOWD:0                        Packet Loss Ratio: 0%                  

   OWD SD Sum:0                         OWD DS Sum:0                           

   ICPIF value: 0                       MOS-CQ value: 0                        

   TimeStamp unit: ms                                            

其中Min/Max/Avg/Sum RTT:3/4/4/11  分别是探针往返时间的最小值、最大值、平均值、总和。

Average of Jitter:1  为平均抖动值

升级版本信息：

用户可以通过华为TAC (Huawei Technical Assistance Center) 或华为网站（http://support.huawei.com/support/）获取补丁/更新版本。

TAC的联系方式见链接： http://www.huawei.com/cn/security/psirt/report-vulnerabilities/index.htm.

该漏洞由华为公司内部测试发现。华为应急响应团队并没有知悉该公告所描述的对该漏洞的任何公开声明或者恶意使用。

对于华为产品和解决方案的安全问题，请通过PSIRT@huawei.com联系华为PSIRT。

对于通用的华为产品和解决方案的问题，直接联系华为TAC(Huawei Technical Assistance Center)获取相关问题的配置或技术协助

2014-03-17 V1.0 INITIAL

无

本文件按“原样”提供，不承诺任何明示、默示和法定的担保，包括（但不限于）对适销性、适用性及不侵权的担保。在任何情况下，华为技术有限公司，或其直接或间接控制的子公司，或其供应商，对任何损失，包括直接，间接，偶然，必然的商业利润损失或特殊损失均不承担责任。您以任何方式使用本文件所产生的一切法律责任由您自行承担。华为可以随时对本文件所载的内容和信息进行修改或更新。

如果您要反馈华为产品的漏洞信息、获取华为公司安全应急响应服务及获取华为产品漏洞信息，请通过以下链接获取帮助：

http://www.huawei.com/cn/security/psirt。