This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Advisory - Glibc Buffer Overflow Vulnerability

  • SA No:Huawei-SA-20150226-01-Glibc
  • Initial Release Date: Feb 26, 2015
  • Last Release Date: Mar 13, 2015

Huawei noticed that Qualys had disclosed the buffer overflow in the GNU C Library (glibc) on January 27th, 2015, Applications call various gethostbyname function are affected and attackers can exploit this vulnerability to perform remote code execution. (Vulnerability ID: HWPSIRT-2015-01045)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2015-0235.

This vulnerability was first disclosed by Qualys.

Currently, official fixes and workarounds are available.

Product Name

Affected Version

Resolved Product and Version

AR510

AR510 V200R005C30

AR510 V200R006C10

AR3200

AR3200 V200R005C30

AR3200 V200R006C10

BH620

iMana software V2.26 and earlier versions

Refer to the temporary fix

BH620 V2

iMana software V7.05 and earlier versions

iMana software V7.06

BH621 V2

BH622 V2

BH640 V2

CH121

iMana software V6.05 and earlier versions

iMana software V6.08

CH121 V3

iBMC  software V1.27 and earlier versions

iBMC software V1.35

CH140

iMana software V6.05 and earlier versions

iMana software V6.08

CH220

iMana software V6.05 and earlier versions

iMana software V6.08

CH221

iMana software V6.05 and earlier versions

iMana software V6.08

CH222

iMana software V6.05 and earlier versions

iMana software V6.08

CH222 V3

iBMC software V1.28 and earlier versions

iBMC software V1.35

CH240

iMana software V6.05 and earlier versions

iMana software V6.08

CH242

iMana software V6.05 and earlier versions

iMana software V6.08

CH242 V3

iMana software V6.05 and earlier versions

iMana software V6.08

CloudEngine 12800

CloudEngine 12800 V100R003C00

CloudEngine 12800 V100R003HP0006

CloudEngine 12800 V100R003C10

CloudEngine 12800 V100R003HP0006

CloudEngine 5800

CloudEngine 5800V100R003C00

CloudEngine 5800 V100R003HP0006

CloudEngine 5800V100R003C10

CloudEngine 5800 V100R003HP0006

CloudEngine 6800

CloudEngine 6800V100R003C00

CloudEngine 6800 V100R003HP0006

CloudEngine 6800V100R003C10

CloudEngine 6800 V100R003HP0006

CloudEngine 7800

CloudEngine 7800V100R003C00

CloudEngine 7800 V100R003HP0006

CloudEngine 7800V100R003C10

CloudEngine 7800 V100R003HP0006

DC

V100R002

Suse Patch

DH310 V2

iMana software V7.05 and earlier versions

iMana software V7.06

DH320 V2

DH321 V2

DH620 V2

DH621 V2

DH628 V2

E6000 Chassis

MM software V5.20 and earlier versions

MM software V5.21

E9000 Chassis

MM software V3.05 and earlier versions

MM software V3.07

eSight Network

V200R005C00
V200R003C10
V200R003C01

V200R005C00SPC507

eSpace CAD

V100R001

Suse Patch

eSpace DCM

V100R001
V100R002

Suse Patch

eSpace EMS

V200R001C03

Suse Patch

eSight UC&C

V100R001C01
V100R001C20

eSpace IVS

V100R001

Suse Patch

eSpace 7910

eSpace 7910 V100R001C01 

eSpace 7910 V200R002C00SPC700B010

eSpace 7910 V100R001C50     

eSpace 7910 V200R003C00SPC100B011

eSpace 7910 V200R002C00     

eSpace 7910 V200R002C00SPC700B010

eSpace 7910 V200R003C00

eSpace 7910 V200R003C00SPC100B011

eSpace 7950

eSpace 7950 V100R001C01     

eSpace 7950 V200R002C00SPC700B010

eSpace 7950 V100R001C02     

eSpace 7950 V100R001C30     

eSpace 7950 V100R001C50     

eSpace 7950 V200R003C00SPC100B011

eSpace 7950 V200R002C00     

eSpace 7950 V200R002C00SPC700B010

eSpace 7950 V200R003C00

eSpace 7950 V200R003C00SPC100B011

eSpace CC

eSpace CC V100R001

Suse Patch

eSpace CC V200R001

eSpace IPC

eSpace IPC V100R001C11

eSpace IPC V100R001C21SPC302

eSpace IPC V100R001C21

eSpace U2980

eSpace U2980 V100R001

eSpace U2980 V100R001C10SPC105

eSpace U2990

eSpace U2990 V200R001

eSpace U2990 V200R001C10SPC105

eSpace UMS

eSpace UMS V200R002

eSpace UMS V200R002C00SPC100

eSpace USM

eSpace USM V100R001

eSpace USM V100R001C10SPC105

FusionAccess

FusionAccess V100R005C10

FusionAccess V100R005C20SPC101

FusionAccess V100R005C20

FusionAccess V100R005C20SPC101

FusionCloud Desktop Solution

FusionCloud Desktop Solution V100R005C20

FusionAccess V100R005C20SPC101

FusionCompute

FusionCompute V100R002C02

FusionCompute V100R005C00SPC300

FusionCompute V100R003C00

FusionCompute V100R003C10

FusionCompute V100R005C00

FusionManager

FusionManager V100R003C00                           

FusionManager V100R003C00SPC308

FusionManager V100R003C10                          

FusionManager V100R003C10SPC620

FusionManager V100R005C00

FusionManager V100R005C00SPC300

FusionManager V100R005C10

FusionManager V100R005C10SPC001T

FusionStorage DSware

FusionStorage DSware V100R003C00

FusionStorage DSware V100R003C00SPC307

FusionStorage DSware V100R003C02

FusionStorage DSware V100R003C02SPC302

GalaX8800

GalaX8800 V100R002C01

Product Precausion

IPC6221-VRZ

IPC6221-VRZ V100R001C00

IPC6221-VRZ V100R001C00SPC100B012

ManageOne

V100R001C01

Suse Patch

NVS

V100R002

Suse Patch

OceanStor Backup Software

OceanStor Backup Software V100R001C00

Suse Patch

OceanStor HDP3500E

OceanStor HDP3500E V100R002C00

OceanStor HDP3500E V100R003C00SPH505

OceanStor HDP3500E V100R003C00

OceanStor UDS

OceanStor UDS V100R002C00

OceanStor UDS V100R002C01SPC103

OceanStor UDS V100R002C01

OceanStor VTL6900

OceanStor VTL6900 V100R005C00

OceanStor VTL6900 V100R005C00SPH601

OceanStor VTL6900 V100R005C10

OceanStor VTL6900 V100R005C10SPC100

OMM Solution

V100R001

Suse Patch

RH1285

iMana software V2.28 and earlier versions

Refer to the temporary fix

RH2285

iMana software V2.25 and earlier versions

Refer to the temporary fix

RH1288 V2

iMana software V7.05 and earlier versions

iMana software V7.06

RH2265 V2

RH2285 V2

RH2265H V2

RH2285H V2

RH2268 V2

RH2288 V2

RH2288H V2

RH2288E V2

RH2485 V2

RH5885 V2

iMana software V5.50 and earlier versions

iMana software V5.51

RH5885 V3

iMana software V7.05 and earlier versions

iMana software V7.06

RH5885H V3

iMana software V7.05 and earlier versions

iMana software V7.06

RH1288 V3

iBMC software V1.28 and earlier versions

iBMC software V1.35

RH2288 V3

RH2288H V3

RH1288A V2

RH2288A V2

RH8100 V3

RSE6500

RSE6500 V100R001C00

RSE6500 V100R001C00SPC300

SAP HANA Appliance

SAP HANA Appliance V100R001C00

RH5885H V3 V100R003C00SPC106

Tecal XH310 V2

Tecal XH310 V2 V100R001C00SPC100

Tecal XH310 V2 V100R001C00SPC300

Tecal XH311 V2

Tecal XH311 V2 V100R001C00

Tecal XH311 V2 V100R001C00SPC300

Tecal XH320 V2

Tecal XH320 V2 V100R001C00

Tecal XH320 V2 V100R001C00SPC300

Tecal XH321 V2

Tecal XH321 V2 V100R002C00

Tecal XH321 V2 V100R002C00SPC300

Tecal XH621 V2

Tecal XH621 V2 V100R001C00

Tecal XH621 V2 V100R001C00SPC300

V1300N

V100R002

Suse Patch

VAE

V100R001

Suse Patch

XH320

iMana software V2.05 and earlier versions

Refer to the temporary fix

XH620

iMana software V2.17 and earlier versions

Refer to the temporary fix

XH310 V2

iMana software V7.05 and earlier versions

iMana software V7.06

XH311 V2

XH320 V2

XH321 V2

XH621 V2

XH628 V3

iBMC software V1.28 and earlier versions

iBMC software V1.35

MM810 V3


Attackers can exploit this vulnerability to perform remote code execution.

The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/).

Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Temporal Score: 7.3 (E:P/RL:O/RC:C)

The vulnerability exists in a DNS query handling function in the glibc library. During the processing of host name parameters, strcpy (hostname, name) is used without verification, leading to buffer overflow. Glibc is the libc library released by GNU. The library is the underlying API of Linux systems. Almost all other runtime libraries depend on Glibc. Major Linux systems, including Redhat, SUSE, and Ubuntu, are affected by the vulnerability. The vulnerability can be triggered locally or remotely. The vulnerability can be exploited to execute arbitrary codes using the user permissions of the current process to control the target host.

For additional details, customers are advised to reference the website: 

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235

A security vulnerability is discovered in the gethostbyname function and affects the BH620, XH620, and XH320, whose web service interfaces use the function. To avoid vulnerability, disable the web services. Functions provided by the web services can be performed using the CLI.

Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades, or obtain them through Huawei worldwide website at (http://support.huawei.com/enterprise).

 For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm.


This vulnerability was reported by Qualys. Huawei PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. 

For security problems about Huawei products and solutions, please contactPSIRT@huawei.com.

For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance.


2015-03-13 V1.3 UPDATED Update the affected version and fixed version
2015-03-02 V1.2 UPDATED Update the affected version and fixed version

2015-02-28 V1.1 UPDATED Update the affected version and fixed version

2015-02-26 V1.0 INITIAL
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.


Complete information for providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/.