This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Security Notice - Statement on Qualys Revealing the glibc Buffer Overflow Vulnerability

  • Initial Release Date: 2015-01-29
  • Last Release Date: 2015-12-15

Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library (glibc) on January 27th, 2015, Applications call various gethostbyname function are affected and attackers can exploit this vulnerability to perform remote code execution. Huawei immediately launched a thorough investigation.

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-0235.

The investigation has been completed partially and it is confirmed that some Huawei products are affected.

Huawei has released a security advisory (SA) and workarounds. Customers can ask for support from local Huawei technical support services if necessary. The SA link is:

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-415364.htm

The following Huawei products Confirmed Vulnerable:

 

Product name

Affected version

AR510

AR510 V200R005C30

AR3200

AR3200 V200R005C30

BH620

iMana software V2.26 and earlier versions

BH620 V2

iMana software V7.05 and earlier versions

BH621 V2

BH622 V2

BH640 V2

Campus Controller

Campus Controller V100R001C00

CH121

iMana software V6.05 and earlier versions

CH121 V3

iBMC software V1.27and earlier versions

CH140

iMana software V6.05 and earlier versions

CH220

iMana software V6.05 and earlier versions

CH221

iMana software V6.05 and earlier versions

CH222

iMana software V6.05 and earlier versions

CH222 V3

iBMC software V1.28 and earlier versions

CH240

iMana software V6.05 and earlier versions

CH242

iMana software V6.05 and earlier versions

CH242 V3

iBMC software V6.05 and earlier versions

CloudEngine 12800

CloudEngine 12800 V100R003C00

CloudEngine 12800 V100R003C10

CloudEngine 5800

CloudEngine 5800V100R003C00

CloudEngine 5800V100R003C10

CloudEngine 6800

CloudEngine 6800V100R003C00

CloudEngine 6800V100R003C10

CloudEngine 7800

CloudEngine 7800V100R003C00

CloudEngine 7800V100R003C10

DC

DC V100R002

DH310 V2

iMana software V7.05 and earlier versions

DH320 V2

DH321 V2

DH620 V2

DH621 V2

DH628 V2

E6000 Chassis

MM software V5.20 and earlier versions

E9000 Chassis

MM software V3.05 and earlier versions

eLog

eLog V100R003C01

eLog V200R003C10

eLWP

eLWP V100R001C20

eSight Network

eSight Network V200R003C01

eSight Network V200R003C10

eSight Network V200R005C00

eSight Server

eSight Server MGMT V100R001C00

eSight Server V300R002C00

eSight Server V300R003C00

eSight UC&C

eSight UC&C V100R001C01

eSight UC&C V100R001C20

eSpace 7910

eSpace 7910 V100R001C01 

eSpace 7910 V100R001C50     

eSpace 7910 V200R002C00     

eSpace 7910 V200R003C00

eSpace 7950

eSpace 7950 V100R001C01     

eSpace 7950 V100R001C02     

eSpace 7950 V100R001C30     

eSpace 7950 V100R001C50     

eSpace 7950 V200R002C00     

eSpace 7950 V200R003C00

eSpace CAD

eSpace CAD V100R001

eSpace CC

eSpace CC V100R001

eSpace CC V200R001

eSpace DCM

eSpace DCM V100R001
eSpace DCM V100R002

eSpace EMS

eSpace EMS V200R001C03

eSpace IPC

eSpace IPC V100R001C11

eSpace IPC V100R001C21

eSpace IVS

eSpace IVS V100R001

eSpace Meeting

eSpace Meeting V100R001

eSpace U2980

eSpace U2980 V100R001

eSpace U2990

eSpace U2990 V200R001

eSpace UC

eSpace UC V100R002

eSpace UC V200R001

eSpace UC V200R002

eSapce USM

eSapce USM V100R001

eSapce UMS

eSapce UMS V200R002

eSpace VTM

eSpace VTM V100R001

eSpace VTM V100R002

FusionAccess

FusionAccess V100R005C10

FusionAccess V100R005C20

FusionAdaptor

FusionAdaptor V1.2.00.100

FusionCompute

FusionCompute V100R002C02

FusionCompute V100R003C00

FusionCompute V100R003C10

FusionCompute V100R005C00

FusionCloud Desktop Solution

FusionCloud Desktop Solution V100R005C20

FusionManager

FusionManager V100R003C00                           

FusionManager V100R003C10                          

FusionManager V100R005C00

FusionManager V100R005C10

FusionStorage DSware

FusionStorage DSware V100R003C00

FusionStorage DSware V100R003C02

GalaX8800

GalaX8800 V100R002C01

IPC6112-D

IPC6112-D V100R001C10

IPC6122-D

IPC6122-D V100R001C10

IPC6221-VRZ

IPC6221-VRZ V100R001C00

L2800

L2800 V100R001C00

ManageOne

ManageOne V100R001C01

N8500 (HyperDP)

N8500 V200R001C09

N8500 V200R001C91

NVS

NVS V100R002

OceanStor 9000

OceanStor 9000 V100R001C01                      

OceanStor 9000 V100R001C10

OceanStor 9000E

OceanStor 9000E V100R001C01            

OceanStor 9000E V100R002C00    

OceanStor 9000E V100R002C19

OceanStor Backup Software

OceanStor Backup Software V100R001C00

OceanStor CSE

OceanStor CSE V100R003C00

OceanStor CSE V100R002C00

OceanStor CSE V100R001C01

OceanStor Replication Director

OceanStor ReplicationDirector V100R002C00

OceanStor HDP3500E

OceanStor HDP3500E V100R002C00

OceanStor HDP3500E V100R003C00

OceanStor UDS

OceanStor UDS V100R002C00

OceanStor UDS V100R002C01

OceanStor VTL6900

OceanStor VTL6000 V100R003C01

OceanStor VTL6000 V100R003C02

OceanStor VTL6900 V100R005C00

OceanStor VTL6900 V100R005C10

OMM Solution

OMM Solution V100R001C00

RH1285

iMana software V2.28 and earlier versions

RH2285

iMana software V2.25 and earlier versions

RH1288 V2

iMana software V7.05 and earlier versions

RH2265 V2

RH2285 V2

RH2265H V2

RH2285H V2

RH2268 V2

RH2288 V2

RH2288H V2

RH2288E V2

RH2485 V2

RH5885 V2

iMana software V5.50 and earlier versions

RH5885 V3

iMana software V7.05 and earlier versions

RH5885H V3

iMana software V7.05 and earlier versions

RH1288 V3

iBMC software V1.28 and earlier versions

RH2288 V3

RH2288H V3

RH1288A V2

RH2288A V2

RH8100 V3

RSE6500

RSE6500 V100R001C00

SAP HANA Appliance

SAP HANA Appliance V100R001C00

Tecal XH310 V2

Tecal XH310 V2 V100R001C00SPC100

Tecal XH311 V2

Tecal XH311 V2 V100R001C00

Tecal XH320 V2

Tecal XH320 V2 V100R001C00

Tecal XH321 V2

Tecal XH321 V2 V100R002C00

Tecal XH621 V2

Tecal XH621 V2 V100R001C00

UltraVR

UltraVR V100R003C00

V1300N

V1300N V100R002

VAE

V100R001

VTL3500

VTL3500 V100R002C01

XH310

iBMC software V2.12 and earlier versions

XH320

iMana software V2.05 and earlier versions

XH620

iMana software V2.17 and earlier versions

XH310 V2

iMana software V7.05 and earlier versions

XH311 V2

XH320 V2

XH321 V2

XH621 V2

XH628 V3

iBMC software V1.28 and earlier versions

MM810 V3

The following Huawei products Confirmed Not Vulnerable:

 

Product Name

AC6005

AC6605

ACU2

AP2010DN

AP3010DN-AGN

AP3010DN-AGN-FAT

AP5010DN-AGN

AP5010DN-AGN-FAT

AP5010SN-GN

AP5010SN-GN-FAT

AP5030DN

AP5030DN-FAT

AP5130DN

AP5130DN-FAT

AP6010DN-AGN

AP6010DN-AGN-FAT

AP6010SN-GN

AP6010SN-GN-FAT

AP6310SN-GN

AP6510DN-AGN

AP6510DN-AGN-FAT

AP6610DN-AGN

AP6610DN-AGN-FAT

AP7030DE

AP7110DN-AGN

AP7110DN-AGN-FAT

AP7110SN-GN

AP8030DN

AP8030DN-FAT

AP8130DN

AP8130DN-FAT

AP9130DN-FAT

AP9330DN

APP SERVER

AR-UMS

AT815SN

Carrier DC Server

Data Center OutSourcing

DC Server

EDC Outsourcing

EDC Solution

eSpace 7903X

eSpace 8850

eSpace 8950

eSDK OceanStor

eSpace Audio Recorder

eSpace EGW1500E

Eudemon8000E-X8

FusionCloud Server

FusionCloud Server II

FusionServer 9032

FusionServer Tools

HMM

iBMC

iCE

IDC Outsourcing

infracontrol plug-in

IPC6125-WDL

IPC6523-Z22-I

IPC6611-Z30-I

IPC6621-Z30-I

iSOC 9000

MicroDC

MIP550

MX8910

NAG3050

OceanStor 18500

OceanStor 18800

OceanStor 18800F

OceanStor 6900 V3

OceanStor HVS85T

OceanStor HVS88T

OceanStor InfraControl

OceanStor S2600T

OceanStor S5500T

OceanStor S5600T

OceanStor S5800T

OceanStor S6800T

OceanStor Toolkit

OSCA

Policy Center

POMU

PowerCache-Ram-Based SSD

Rainbow

RH2288 V3

RH2488 V2

S1700

S2700

S5700

S5720HI

S7700

S9300

S9700

S12700

Secospace AntiDDoS8030

Secospace USG6600

Shared DR Solution.

SmartCDN

Tecal Tecal RH1120_Inactive

TeleClassroom

UltraPath

USG5500

USG9560

VDesktop6000

VP9660

WA603SN

WA653SN

WLAN AP

X6800

X8000

X8000 Rack

XH320

XH620

Huawei Mobile smartphones

Huawei MBB products


2015-12-15 V2.2 FINAL
2015-03-16 V2.1 UPDATED updated list of affected products
2015-03-12 V2.0 UPDATED updated list of affected products
2015-03-02 V1.9 UPDATED updated list of affected products
2015-02-26 V1.8 UPDATED updated list of affected products and add SA link
2015-02-13 V1.7 UPDATED updated list of affected products
2015-02-10 V1.6 UPDATED updated list of affected products
2015-02-06 V1.5 UPDATED updated list of affected products
2015-02-04 V1.4 UPDATED updated list of affected products
2015-02-02 V1.3 UPDATED updated list of affected products
2015-01-31 V1.2 UPDATED updated list of affected products
2015-01-30 V1.1 UPDATED updated list of affected products
2015-01-29 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.