
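Security Notice - Statement on the Bash Malicious Code Injection Security Vulnerability

  • Initial release date: 2014-09-25
  • Last updated: 2014-11-04

Huawei noticed that on September 24, 2014, the NVD (National Vulnerability Database) website published security vulnerabilities that allow remote attackers to execute arbitrary code injected into environment variables when Bash is invoked (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187), and immediately launched an analysis and investigation.

The investigation has concluded and confirmed that some Huawei products are affected by this vulnerability. On October 24, 2014, Huawei released a security advisory for the Bash malicious code injection security vulnerability. Customers can obtain the necessary support on product security vulnerabilities through their local Huawei technical service. Related link: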

http://www.huawei.com/cn/security/psirt/security-bulletins/security-advisories/hw-377649.htm

Affected products:

Product name

Version

Agile Controller-Campus

Agile Controller-Campus V100R001

BSC6000

BSC6000 V900R008C01/C15
BSC6000 V901R013C00

E6000 Blade Server

BH620 V2 V100R002C00
BH621 V2 V100R001C00
BH622 V2 V100R001C00
BH640 V2 V100R001C00

E6000 Chassis

E6000 Chassis V100R001C00

E9000 Blade Server

CH121 V100R001C00
CH140 V100R001C00
CH220 V100R001C00
CH221 V100R001C00
CH222 V100R002C00
CH240 V100R001C00
CH242 V100R001C00
CH242 V3 V100R001C00

E9000 Chassis

E9000 Chassis V100R001C00

eSpace CAD

eSpace CAD V100R001

eLog

eLog V100R003
eLog V200R003

eSight Network

eSight Network V200R003C01/C10

eSight UC&C

eSight UC&C V100R001C01/C20

eSpace CC

eSpace CC V100R001
eSpace CC V200R001

eSpace DCM

eSpace DCM V100R002

eSpace IVS

eSpace IVS V100R001

eSpace Meeting

eSpace Meeting V100R001

eSpace U2980

eSpace U2980 V100R001

eSpace U2990

eSpace U2990 V200R001

eSpace UC

eSpace UC V100R001/R002
eSpace UC V200R001/R002

eSpace UMS

eSpace UMS V200R002

eSpace USM

eSpace USM V100R001

eSpace V1300N

eSpace V1300N V100R002

eSpace VTM

eSpace VTM V100R001

FusionAccess

FusionAccess V100R005C10

FusionCompute

FusionCompute V100R003C00/C10

FusionManager

FusionManager V100R003C10

FusionStorage DSware

FusionStorage V100R003C02SPC100/SPC200

GalaX8800

GalaX8800 V100R002C00/C01/C85

GTSOFTX3000

GTSOFTX3000 V200R001C01SPC100

High-Density Server

DH310 V2 V100R001C00
DH320 V2 V100R001C00
DH321 V2 V100R002C00
DH620 V2 V100R001C00
DH621 V2 V100R001C00
DH628 V2 V100R001C00
XH310 V2 V100R001C00
XH320 V2 V100R001C00
XH321 V2 V100R002C00
XH621 V2 V100R001C00

iSOC

iSOC V200R001

ManageOne

ManageOne V100R001C01/C02
ManageOne V100R002C00/C10/C20

OceanStor 18500

OceanStor 18500 V100R001C00

OceanStor 18800

OceanStor 18800 V100R001C00

OceanStor 18800F

OceanStor 18800F V100R001C00

OceanStor 9000

OceanStor 9000 V100R001C01/C10

OceanStor 9000E

OceanStor 9000E V100R001C01
OceanStor 9000E V100R002C00/C19

OceanStor CSE

OceanStor CSE V100R001C01
OceanStor CSE V100R002C00LHWY01
OceanStor CSE V100R002C00LSFM01
OceanStor CSE V100R002C10
OceanStor CSE V100R003C00

OceanStor CSS

OceanStor CSS V100R001C00/C01/C02/C03/C05
OceanStor CSS V100R002C00

OceanStor Dorado

OceanStor Dorado2100 V100R001C00
OceanStor Dorado2100 G2 V100R001C00
OceanStor Dorado5100 V100R001C00

OceanStor HDP

OceanStor HDP3500E V100R002C00
OceanStor HDP3500E V100R003C00

OceanStor HVS85T

OceanStor HVS85T V100R001C00/C99

OceanStor HVS88T

OceanStor HVS88T V100R001C00

OceanStor N8000

OceanStor N8300 V100R002C00
OceanStor N8500 V100R001C01
OceanStor N8500 V100R002C00
OceanStor N8500 V200R001C00/C10/C09/C91

OceanStor S2000

OceanStor S2300 V100R001C02

OceanStor S2200T

OceanStor S2200T V100R005C00/C01/C02/C30

OceanStor S2600

OceanStor S2600 V100R001C02
OceanStor S2600 V100R005C02

OceanStor S2600T

OceanStor S2600T V100R002C00/C01
OceanStor S2600T V100R003C00
OceanStor S2600T V100R005C00/C01/C02/C30
OceanStor S2600T V200R002C00
OceanStor S2900 V100R002C01

OceanStor S5000

OceanStor S5300 V100R001C01
OceanStor S5300 V100R005C02
OceanStor S5500 V100R001C01
OceanStor S5500 V100R005C02
OceanStor S5600 V100R001C01
OceanStor S5600 V100R005C02

OceanStor S5500T

OceanStor S3900 V100R001C00
OceanStor S3900 V100R002C00
OceanStor S5500T V100R001C00/C01
OceanStor S5500T V100R002C00/C01
OceanStor S5500T V100R003C00
OceanStor S5500T V100R005C00/C01/C02/C30
OceanStor S5500T V200R002C00

OceanStor S5600T

OceanStor S5600T V100R001C00/C01
OceanStor S5600T V100R002C00/C01
OceanStor S5600T V100R003C00
OceanStor S5600T V100R005C00/C01/C02/C30
OceanStor S5600T V200R002C00
OceanStor S5900 V100R001C00
OceanStor S5900 V100R002C00

OceanStor S5800T

OceanStor S5800T V100R001C00/C01
OceanStor S5800T V100R002C00/C01
OceanStor S5800T V100R003C00
OceanStor S5800T V100R005C00/C01/C02/C30
OceanStor S5800T V200R002C00
OceanStor S5800T V200R001C00
OceanStor S5800T V200R002C00/C10/C20
OceanStor S6900 V100R001C00
OceanStor S6900 V100R002C00

OceanStor S6800

OceanStor S6800E V100R005C02

OceanStor S6800T

OceanStor S6800T V100R001C00/C01
OceanStor S6800T V100R002C00/C01
OceanStor S6800T V100R003C00
OceanStor S6800T V100R005C00/C01/C02/C30
OceanStor S6800T V200R002C00

OceanStor SNS

OceanStor SNS2120 V100R001C00
OceanStor SNS5120 V100R001C00

OceanStor UDS

OceanStor UDS V100R001C00
OceanStor UDS V100R002C00/C01
OceanStor UDS V100R002C00LVDF01

OceanStor V1000

OceanStor V1500 V100R001C02
OceanStor V1800 V100R001C02

OceanStor VIS6600

OceanStor VIS6600 V100R002C02
OceanStor S8100 V100R002C01
OceanStor VIS6600T V200R003C10

OceanStor VTL

OceanStor VTL3500 V100R002C01
OceanStor VTL6000 V100R003C01/C02
OceanStor VTL6900 V100R005C00

OIC

OIC V100R001

OMM Solution

OMM Solution V100R001

Rack server

RH1288 V2 V100R002C00
RH2285 V2 V100R002C00
RH2285H V2 V100R002C00
RH2288 V2 V100R002C00
RH2288E V2 V100R002C00
RH2288H V2 V100R002C00
RH2485 V2 V100R002C00
RH5885 V2 V100R001C00
RH5885 V3 V100R003C00
RH5885H V3 V100R003C00

SIG9800

SIG9800-X16 V300R001C00
SIG9800-X16 V300R002C10

UMA

UMA V100R001
UMA V200R001

UMA-DB

UMA-DB V100R001

VAE

VAE V100R001C01

eSpace VCN3000

eSpace VCN3000 V100R001

DC

DC V100R002

NVS

NVS V100R002

eSight

eSight V300R001C00

eSight V300R001C10

Products not affected by the vulnerability:

Product name

AR/NE16EX-8 series routers

BMA/ CH242 V3/ RH2288 V3 / RH8100 V3

Eudemon/ SVN/ USG/ NIP/ ASG/ AntiDDoS/ AVE/ SRG/ WAF series firewalls

FusionInsight

IAD series unified access products

IPC series cameras

OceanStor Dorado V3/ OceanStor InfraControl / OceanStor ReplicationDirector / OceanStor UltraVR/ UltraPath

S series switches/ CloudEngine series switches

TE series terminals

U1900 series IP-PBX products

UAP33/21 series products

VDesktop6000

WLAN series products

TelePresence series

The network-level mitigations described below can help some customers reduce their risk.

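On September 26, Huawei released the latest signatures (IPS_H20011000_2014092600/ IPS_H20011001_2014092608/ IPS_H20010000_2014092605), which apply to Huawei NGFW (next-generation firewall) products and data center firewall products with integrated IPS functionality. This update can be used to detect and protect against exploitation of the Bash vulnerability at the network level.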

2014-11-04 V2.1 UPDATED updated list of affected products

2014-10-29 V2.0 UPDATED updated list of affected products

2014-10-28 V1.9 UPDATED updated list of affected products

2014-10-25 V1.8 UPDATED updated list of affected products and give SA link

2014-10-10 V1.7 UPDATED updated list of affected products

2014-10-02 V1.6 UPDATED updated list of products not affected

2014-09-30 V1.5 UPDATED updated list of products not affected

2014-09-30 V1.4 UPDATED added list of products not affected

2014-09-29 V1.3 UPDATED updated list of affected products

2014-09-28 V1.2 UPDATED updated list of affected products

2014-09-26 V1.1 UPDATED added workarounds and list of affected products

2014-09-25 V1.0 INITIAL

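Huawei has always advocated doing its utmost to safeguard the ultimate interests of product users, follows the principle of responsible disclosure of security incidents, and handles product security issues through its product security issue handling mechanism. If you find any security issue in a Huawei product, please report it to Huawei at psirt@huawei.com.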