本站点使用cookies,继续浏览表示您同意我们使用cookies。Cookies和隐私政策
华为注意到NVD(National Vulnerability Database)网站在2014年9月24日发布了调用Bash时允许远程攻击者执行注入到环境变量中任意代码的安全漏洞(CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186和CVE-2014-7187),并第一时间启动了分析调查。
相关的调查工作已经结束,调查证实,华为部分产品受到这个漏洞的影响。2014年10月24日,华为发布了Bash恶意代码注入安全漏洞的安全预警。客户可以通过华为当地的技术服务寻求关于产品安全漏洞的必要支持。相关链接:
http://www.huawei.com/cn/security/psirt/security-bulletins/security-advisories/hw-377649.htm
受影响产品:
产品信息 |
版本信息 |
Agile Controller-Campus |
Agile Controller-Campus V100R001 |
BSC6000 |
BSC6000 V900R008C01/C15 |
E6000 Blade Server |
BH620 V2 V100R002C00 |
E6000 Chassis |
E6000 Chassis V100R001C00 |
E9000 Blade Server |
CH121 V100R001C00 |
E9000 Chassis |
E9000 Chassis V100R001C00 |
eSpace CAD |
eSpace CAD V100R001 |
eLog |
eLog V100R003 |
eSight Network |
eSight Network V200R003C01/C10 |
eSight UC&C |
eSight UC&C V100R001C01/C20 |
eSpace CC |
eSpace CC V100R001 |
eSpace DCM |
eSpace DCM V100R002 |
eSpace IVS |
eSpace IVS V100R001 |
eSpace Meeting |
eSpace Meeting V100R001 |
eSpace U2980 |
eSpace U2980 V100R001 |
eSpace U2990 |
eSpace U2990 V200R001 |
eSpace UC |
eSpace UC V100R001/R002 |
eSpace UMS |
eSpace UMS V200R002 |
eSpace USM |
eSpace USM V100R001 |
eSpace V1300N |
eSpace V1300N V100R002 |
eSpace VTM |
eSpace VTM V100R001 |
FusionAccess |
FusionAccess V100R005C10 |
FusionCompute |
FusionCompute V100R003C00/C10 |
FusionManager |
FusionManager V100R003C10 |
FusionStorage DSware |
FusionStorage V100R003C02SPC100/SPC200 |
GalaX8800 |
GalaX8800 V100R002C00/C01/C85 |
GTSOFTX3000 |
GTSOFTX3000 V200R001C01SPC100 |
High-Density Server |
DH310 V2 V100R001C00 |
iSOC |
iSOC V200R001 |
ManageOne |
ManageOne V100R001C01/C02 |
OceanStor 18500 |
OceanStor 18500 V100R001C00 |
OceanStor 18800 |
OceanStor 18800 V100R001C00 |
OceanStor 18800F |
OceanStor 18800F V100R001C00 |
OceanStor 9000 |
OceanStor 9000 V100R001C01/C10 |
OceanStor 9000E |
OceanStor 9000E V100R001C01 |
OceanStor CSE |
OceanStor CSE V100R001C01 |
OceanStor CSS |
OceanStor CSS V100R001C00/C01/C02/C03/C05 |
OceanStor Dorado |
OceanStor Dorado2100 V100R001C00 |
OceanStor HDP |
OceanStor HDP3500E V100R002C00 |
OceanStor HVS85T |
OceanStor HVS85T V100R001C00/C99 |
OceanStor HVS88T |
OceanStor HVS88T V100R001C00 |
OceanStor N8000 |
OceanStor N8300 V100R002C00 |
OceanStor S2000 |
OceanStor S2300 V100R001C02 |
OceanStor S2200T |
OceanStor S2200T V100R005C00/C01/C02/C30 |
OceanStor S2600 |
OceanStor S2600 V100R001C02 |
OceanStor S2600T |
OceanStor S2600T V100R002C00/C01 |
OceanStor S5000 |
OceanStor S5300 V100R001C01 |
OceanStor S5500T |
OceanStor S3900 V100R001C00 |
OceanStor S5600T |
OceanStor S5600T V100R001C00/C01 |
OceanStor S5800T |
OceanStor S5800T V100R001C00/C01 |
OceanStor S6800 |
OceanStor S6800E V100R005C02 |
OceanStor S6800T |
OceanStor S6800T V100R001C00/C01 |
OceanStor SNS |
OceanStor SNS2120 V100R001C00 |
OceanStor UDS |
OceanStor UDS V100R001C00 |
OceanStor V1000 |
OceanStor V1500 V100R001C02 |
OceanStor VIS6600 |
OceanStor VIS6600 V100R002C02 |
OceanStor VTL |
OceanStor VTL3500 V100R002C01 |
OIC |
OIC V100R001 |
OMM Solution |
OMM Solution V100R001 |
Rack server |
RH1288 V2 V100R002C00 |
SIG9800 |
SIG9800-X16 V300R001C00 |
UMA |
UMA V100R001 |
UMA-DB |
UMA-DB V100R001 |
VAE |
VAE V100R001C01 |
eSpace VCN3000 |
eSpace VCN3000 V100R001 |
DC |
DC V100R002 |
NVS |
NVS V100R002 |
eSight |
eSight V300R001C00 |
eSight V300R001C10 |
不受漏洞影响产品:
产品信息 |
AR/NE16EX-8系列路由器 |
BMA/ CH242 V3/ RH2288 V3 / RH8100 V3 |
Eudemon/ SVN/ USG/ NIP/ ASG/ AntiDDoS/ AVE/ SRG/ WAF series 防火墙 |
FusionInsight |
IAD系列统一接入产品 |
IPC系列摄像机 |
OceanStor Dorado V3/ OceanStor InfraControl / OceanStor ReplicationDirector / OceanStor UltraVR/ UltraPath |
S系列交换机/ CloudEngine系列交换机 |
TE系列终端 |
U1900系列IP-PBX产品 |
UAP33/21系列产品 |
VDesktop6000 |
WLAN系列产品 |
智真系列 |
如下描述的基于网络层面的缓解措施可以帮助一些客户来降低风险。
华为于9月26日发布了最新的特征码(IPS_H20011000_2014092600/ IPS_H20011001_2014092608/ IPS_H20010000_2014092605),其适用于集成了IPS功能的华为NGFW(下一代防火墙)产品和数据中心防火墙产品,该升级可以用于检测和防护来自于网络层面的Bash漏洞。
2014-11-04 V2.1 UPDATED updated list of affected products
2014-10-29 V2.0 UPDATED updated list of affected products
2014-10-28 V1.9 UPDATED updated list of affected products
2014-10-25 V1.8 UPDATED updated list of affected products and give SA link
2014-10-10 V1.7 UPDATED updated list of affected products
2014-10-02 V1.6 UPDATED updated list of products not affected
2014-09-30 V1.5 UPDATED updated list of products not affected
2014-09-30 V1.4 UPDATED added list of products not affected
2014-09-29 V1.3 UPDATED updated list of affected products
2014-09-28 V1.2 UPDATED updated list of affected products
2014-09-26 V1.1 UPDATED added workarounds and list of affected products
2014-09-25 V1.0 INITIAL
华为一贯主张尽全力保障产品用户的最终利益,遵循负责任的安全事件披露原则,并通过产品安全问题处理机制处理产品安全问题。若您在华为的产品中发现任何安全问题,请通过下列邮箱地址报告给华为psirt@huawei.com。
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187