安全公告-关于NTP.org和CERT/CC披露NTPd存在多个安全漏洞的声明
- 初始发布时间: 2014-12-23
- 更新发布时间: 2015-12-15
华为注意到NTP.org和CERT/CC在2014年12月19日发布NTP daemon (ntpd)中存在的4个安全漏洞(CVE-2014-9293,CVE-2014-9294,CVE-2014-9295和CVE-2014-9296)。华为在第一时间启动了分析调查。
相关的调查工作正在持续进行,调查证实,华为部分产品受到这个漏洞的影响,华为PSIRT会随时更新安全通告,请持续关注针对此漏洞的安全公告。
受影响产品:
|
产品信息 |
版本信息 |
|
AC6605 |
V200R002C00SPC700 V200R001C00 V200R003C10 V200R005C00/C10 V200R006C00 |
|
ACU |
V200R002C00SPH601 V200R002C00SPH602B001 V200R002SPH007 |
|
Campus Controller |
V100R001C00B001 |
|
DC |
V100R002C01SPC001 |
|
DH320 V2 |
V100R001C00 |
|
DH620 V2 |
V100R001C00 |
|
DH621 V2 |
V100R001C00 |
|
DH628 V2 |
V100R001C00 |
|
E6000 Chassis |
V100R001C00 |
|
E9000 Chassis |
V100R001C00 |
|
eLog |
V100R003C01 V200R003C10 |
|
eSight Network |
V200R003C01/C10 V200R005C00 |
|
eSight UC&C |
V100R001C01/C20 |
|
eSpace CAD |
V100R001C01LHUE01 |
|
eSpace CC |
V200R001C03/C31/C32/C50 |
|
eSpace DCM |
V100R001C01/C02/C03 V100R002C01 |
|
eSpace EMS |
V200R001C03 |
|
eSpace IVS |
V100R001C02 |
|
eSpace Meeting Portal |
V100R001C00 |
|
eSpace U2980 |
V100R001C02SPC200 V100R001C01 V200R003C00 |
|
eSpace UC |
V100R002C01 V200R002C00 V200R003C00 |
|
eSpace USM |
V200R003C00 |
|
eSpace VCN3000 |
V100R002C00 |
|
eSpace VTM |
V100R001C02/C30 V100R002C00 |
|
FusionAccess |
V100R005C10/C20 |
|
FusionCompute |
V100R003C00/C10 V100R005C00/C10 |
|
FusionCube |
V100R002C01SPC100 V100R002C02SPC100 V100R002C02SPC200 V100R002C02SPC300 |
|
FusionManager |
V100R003C10 V100R005C00 |
|
FusionSphere OpenStack |
V100R005C00 |
|
FusionSphere Tool |
V100R003C00SPC201B002 |
|
GalaX8800 |
V100R002C00/C01/C83/C85 |
|
ManageOne SC |
V100R002C20 |
|
ManageOne |
V100R002C00/C10 |
|
OceanStor 18500 |
V100R001C00 |
|
OceanStor 18800 |
V100R001C00 |
|
OceanStor 18800F |
V100R001C00 |
|
OceanStor 9000 |
V100R001C00/C01/C20/C30 |
|
OceanStor 9000E |
V100R002C19 |
|
OceanStor HDP3500E |
V100R003C00 |
|
OceanStor HVS85T |
V100R001C00 |
|
OceanStor HVS88T |
V100R001C00 |
|
OceanStor S2600T |
V200R002C00 |
|
OceanStor S5500T |
V200R002C00 |
|
OceanStor S5600T |
V200R002C00 |
|
OceanStor S5800T |
V200R002C00 |
|
OceanStor S6800T |
V200R002C00 |
|
OceanStor UDS |
V100R002C00/C01 |
|
OMM Solution |
V100R001C00 |
|
RH1288 V2 |
V100R002C00 |
|
RH2285 V2 |
V100R002C00 |
|
RH2285H V2 |
V100R002C00 |
|
RH2288 V2 |
V100R002C00 |
|
RH2288E V2 |
V100R002C00 |
|
RH2288H V2 |
V100R002C00 |
|
RH2485 V2 |
V100R002C00 |
|
RH5885 V2 |
V100R001C00 |
|
RH5885 V3 |
V100R003C01 |
|
RH5885H V3 |
V100R003C00 |
|
Smart CDN |
V100R001C06 |
|
Tecal XH310 V2 |
V100R001C00SPC100 |
|
Tecal XH311 V2 |
V100R001C00SPC100 |
|
Tecal XH320 V2 |
V100R001C00SPC105 |
|
Tecal XH621 V2 |
V100R001C00B010 |
|
V1300N |
V100R002C02 |
|
VCM |
V100R001C00 |
|
VCN500 |
V100R002C00 |
|
X8000 Rack |
V100R001C00 |
不受漏洞影响产品:
|
产品信息 |
|
AR-UMS |
|
BH620 V2/ BH621 V2/ BH622 V2/ BH640 V2 |
|
CH121/ CH121 V3/ CH140/ CH220 V3/ CH221/ CH222/ CH222 V3/ CH240/ CH242/ CH242 V3 |
|
DC Server |
|
EDC Solution |
|
eLWP |
|
eNSP |
|
eSAP |
|
eSpace Audio Recorder |
|
eSpace IPC |
|
eSpace UMS |
|
Eudemon8000E-X8 |
|
FusionCloud Desktop Solution |
|
FusionCloud Server/ FusionCloud Server II |
|
FusionServer 9032 |
|
FusionServer Tools |
|
iBMC |
|
iMM |
|
IPC6112-D/ IPC6122-D/ IPC6221-VRZ/ IPC6611-Z30-I/ IPC6621-Z30-I |
|
L2800 |
|
OceanStor CSE |
|
P8000 SSD Card |
|
PowerCache-Ram-Based SSD |
|
SAP HANA Appliance |
|
Secospace USG6600 |
|
SingleCLOUD Solution |
|
T8000 |
|
TeleClassroom |
|
Tecal RH1288 V3 |
|
UMA |
|
USG9560 |
|
WS6603 |
|
X6000 |
2015-02-13 V2.0 UPDATED updated list of affected products
2015-01-14 V1.9 UPDATED updated list of affected products
2015-01-06 V1.8 UPDATED updated list of affected products
2015-01-04 V1.7 UPDATED updated list of affected products
2014-12-31 V1.6 UPDATED updated list of affected products
2014-12-29 V1.5 UPDATED updated list of affected products
2014-12-27 V1.4 UPDATED updated list of affected products
2014-12-26 V1.3 UPDATED updated list of affected products
2014-12-25 V1.2 UPDATED updated list of affected products
2014-12-24 V1.1 UPDATED updated list of affected products
2014-12-23 V1.0 INITIAL
华为一贯主张尽全力保障产品用户的最终利益,遵循负责任的安全事件披露原则,并通过产品安全问题处理机制处理产品安全问题。若您在华为的产品中发现任何安全问题,请通过下列邮箱地址报告给华为psirt@huawei.com。
