This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Security Advisory-9 OpenSSL vulnerabilities on Huawei products

  • SA No:Huawei-SA-20141008-OpenSSL
  • Initial Release Date: 2014-10-08
  • Last Release Date: 2015-03-11

This security advisory (SA) describes the impact of 9 OpenSSL vulnerabilities discovered in third-party software. (Vulnerability ID: HWPSIRT-2014-0816)

These vulnerabilities are referenced in this document as follows:

1.Information leak in pretty printing functions (CVE-2014-3508). A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3508

2.Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139). The issue affects OpenSSL clients and allows a malicious server to crash the client with a null pointer dereference (read) by specifying an SRP ciphersuite even though it was not properly negotiated with the client. This can be exploited through a Denial of Service attack.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5139

3.Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509). If a multithreaded client connects to a malicious server using a resumed session and the server   sends an ec point format extension it could write up to 255 bytes to freed memory.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3509

4.Double Free when processing DTLS packets (CVE-2014-3505). An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3505

5.DTLS memory exhaustion (CVE-2014-3506). An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3506

6.DTLS memory leak from zero-length fragments (CVE-2014-3507). By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3507

7.OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510). OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference (read) by specifying an anonymous (EC)DH ciphersuite and sending carefully crafted handshake messages.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3510

8.OpenSSL TLS protocol downgrade attack (CVE-2014-3511). A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher protocol version, by modifying the client's TLS records.

The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3511

9.SRP buffer overrun (CVE-2014-3512). A malicious client or server can send invalid SRP parameters and overrun an internal buffer. Only applications which are explicitly set up for SRP use are affected.
The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3512
The 9 vulnerabilities affect the Huawei products that use OpenSSL. Some Products have provided the fixed versions.









Product Name

Affected Version

Solved version

AP5010DN-AGN

Earlier than V200R005C10 versions

AP5010DN-AGN V200R005C10

Basic Cloud Platform

V100R001C01

V100R001C01XNFS0106012

Dorado2100 G2

V100R001C00B010

V100R001C00SPCa00

Dorado2100

V100R001C00B011

V100R001C00SPCa00

Dorado5100

V100R001C00B010

V100R001C00SPCa00

eSDK Solution

V100R003C20

Upgrade to V100R003C30SPC100

eSight IT

V200R002C00

V200R002C00SPC301B011

eSight Network

V200R003C01

Upgrade to V200R003C10SPC205

V200R003C10

V200R003C10SPC205

eSight UC&C

V100R001C01B010

V100R001C01SPC303

V100R001C20

V100R001C20SPC306

V100R002C00

V300R002C00SPC200

eSpace CAD

V100R001C01

V100R001C01LHUE01SPC105

eSpace CC

V200R001C01

Upgrade to V200R001C03SPC205

eSpace DCM

V100R002C01

Official SUSE patch

eSpace IVS

V100R001C02SPC100

V100R001C02SPC121

FusionAccess

FusionAccess V100R005C10

Upgrade to V100R005C20

FusionCompute

V100R003C10SPC600 and earlier versions

V100R003C10CP6001

HUAWEI S12700

Earlier than V200R006C00SPC300 versions

V200R006C00SPC300

ManageOne

ManageOne OC V100R002C00

ManageOne OC V100R002C10

ManageOne SC V100R002C10

ManageOne V100R001C01

ManageOne V100R001C02

Official SUSE Patch

OceanStor S6800T

V100R005C02

Upgrade to V100R005C30SPC300

V100R001C00

Upgrade to V100R005C30SPC300

V200R002C10

Upgrade to V200R002C20SPC100

V200R002C00

V200R002C00SPC400

OceanStor S2600T

V100R005C01

Upgrade to V100R005C30SPC300

V200R001C00

Upgrade to V200R002C00SPC400

V100R002C00

Upgrade to V100R005C30SPC300

V200R002C10

Upgrade to V200R002C20SPC100

V200R002C00

V200R002C00SPC400

OceanStor S5500T

V100R001C00

Upgrade to V100R005C30SPC300

V200R002C10

Upgrade to V200R002C20SPC100

V100R005C50

Upgrade to V200R002C20SPC100

OceanStor 18800

V100R001C00

V100R001C00SPC300

OceanStor S5600T

Earlier than  V100R005C30SPC300 versions

V100R005C30SPC300

V200R002C10

Upgrade to V200R002C20SPC100

V200R002C00

V200R002C00SPC400

OceanStor S5800T

V100R001C00

Upgrade to V100R005C30SPC300

V200R002C10

Upgrade to V200R002C20

V200R001C00

Upgrade to V200R002C00SPC400

Earlier than V200R002C00SPC400 versions

V200R002C00SPC400

OceanStor 18800F

V100R001C00

V100R001C00SPC300

OceanStor 18500

V100R001C00

V100R001C00SPC300

OceanStor 6800 V3

V300R001C00

V300R001C10SPC100

OceanStor N8500

Earlier than V200R001C09SPC500 versions

V200R001C09SPC502

V200R001C91SPC200

V200R001C91SPC202

OceanStor HVS88T

V100R001C00

V100R001C00SPC300

OceanStor HVS85T

V100R001C00

V100R001C00SPC300

OceanStor S2200T

V100R005C00

Upgrade to V100R005C30SPC300

OceanStor S2900

V100R002C01

Upgrade to V100R005C30SPC300

OceanStor S3900

V100R001C00

Upgrade to V100R005C30SPC300

OceanStor S5900

V100R001C00

Upgrade to V100R005C30SPC300

OceanStor S6900

V100R001C00

Upgrade to V100R005C30SPC300

OceanStor Dorado2100

V100R001C00

V100R001C00SPCa00

OceanStor Dorado2100 G2

V100R001C00

V100R001C00SPCa00

OceanStor Dorado5100

V100R001C00

V100R001C00SPCa00

OceanStor UDS

V100R002C00

Upgrade to V100R002C01 SPC101

Policy Center

V100R003C00

Upgrade to V100R003C10

RSE6500

V100R001C00

V100R001C00SPC200

S2200T

Earlier than  V100R005C30SPC300 versions

V100R005C30SPC300

S2600T

V100R005C01T

Upgrade to V100R005C30SPC300

S3300

V100R006C05

V100R006HP0011

S7700

Earlier than V200R006C00SPC300 versions

V200R006C00SPC300

SoftCo

V100R003C01B204

Upgrade to V200R001C01SPC500

SmartCDN

SmartCDN V100R001C05

Smart CDN V100R001C05SPC600T

Tecal RH2285H

V100R002C00

RH2285H V2 V100R002C00SPC112

Tecal RH2288 V2

V100R002C00

V100R002C00SPC118

Tecal RH2288E V2

V100R002C00

V100R002C00SPC102

Tecal RH2288H V2

V100R002C00

V100R002C00SPC116

Tecal RH2485 V2

V100R002C00

V100R002C00SPC503

Tecal RH5885 V2

V100R001C00

Upgrade to V100R001C02SPC200

Tecal RH5885 V3

V100R003C00

Upgrade to V100R003C01SPC106

V100R003C01

V100R003C01SPC106

Tecal RH5885H V3

V100R003C00

V100R003C00SPC105B010

TMS1000

Earlier than  V100R005C00SPC305 versions

V100R005C00SPC305

TSM

TSM V100R002C01

Upgrade to V100R002C07SPC224

TSM V100R003C00

Upgrade to Policy Center V100R003C10

USG9560

Earlier than V300R001C01SPH303 verions

USG9560 V300R001C01SPH303

USG9500

V200R001C01

Upgrade to V300R001C01SPH303

USG9300

USG9300 V100R003C00

Upgrade to USG9500 V300R001C01SPH303

Successful exploitation of these vulnerabilities may allow an attacker to create a denial of service condition, disclose sensitive information, or execute arbitrary code with elevated privileges.

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

1.CVE-2014-3508:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Temporal Score: 3.6 (E:F/RL:O/RC:C)

Overall Score: 3.6

2.CVE-2014-5139:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Temporal Score: 3.6 (E:F/RL:O/RC:C)

Overall Score: 3.6

3.CVE-2014-3509:

Base Score: 6.8(AV:N/AC:M/AU:N/C:P/I:P/A:P)

Temporal Score: 5.6 (E:F/RL:O/RC:C)

Overall Score: 5.6

4.CVE-2014-3505:

Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Temporal Score: 4.1 (E:F/RL:O/RC:C)

Overall Score: 4.1

5.CVE-2014-3506:

Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Temporal Score: 4.1 (E:F/RL:O/RC:C)

Overall Score: 4.1

6.CVE-2014-3507:

Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Temporal Score: 4.1 (E:F/RL:O/RC:C)

Overall Score: 4.1

7.CVE-2014-3510:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Temporal Score: 3.6 (E:F/RL:O/RC:C)

Overall Score: 3.6

8.CVE-2014-3511:

Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Temporal Score: 3.6 (E:F/RL:O/RC:C)

Overall Score: 3.6

9.CVE-2014-3512:

Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Temporal Score: 6.2(E:F/RL:O/RC:C)

Overall Score: 6.2

For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140806.txt

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.


These vulnerabilities are disclosed by OpenSSL official website. 

For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.


2015-03-11 V1.2 UPDATED Update the link information
2015-01-21 V1.1 UPDATED Update the affected products list

2014-10-08 V1.0 INITIAL

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.


Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.