Security Advisory-Multiple OpenSSL
advertisement
News Start Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products SA No: Huawei-SA-20140613-OpenSSL Initial Release Date: 06-13-2014 Last Release Date: 06-20-2014 Summary This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1. SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to intercept traffic between an affected client and server could successfully execute a man-in-the-middle attack.(Vulnerability ID: HWPSIRT-2014-0604) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224 2. DTLS Recursion Flaw Vulnerability (CVE-2014-0221). An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could send an affected device a crafted DTLS packet. This could result in a partial or complete DoS condition on the affected device. (Vulnerability ID: HWPSIRT-2014-0605) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0221 3. DTLS Invalid Fragment Vulnerability (CVE-2014-0195). An unauthenticated, remote attacker could send a crafted DTLS packet to an affected device designed to trigger a buffer overflow condition. This could allow the attacker to gain the ability to execute arbitrary code with elevated privileges. (Vulnerability ID: HWPSIRT-2014-0606) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0195 4. SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference Vulnerability (CVE-2014-0198). An unauthenticated, remote attacker could submit a malicious request designed to trigger a NULL pointer dereference. This could result in a partial or complete DoS condition on the affected device. (Vulnerability ID: HWPSIRT-2014-0607) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0198 5. SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service Vulnerability (CVE-2010-5298). An unauthenticated, remote attacker could submit a malicious request designed to inject content into a parallel context or trigger a DoS condition. (Vulnerability ID: HWPSIRT-2014-0608) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 6. Anonymous ECDH Denial of Service Vulnerability (CVE-2014-3470). An unauthenticated, remote attacker that can convince an affected client to connect to an attacker-controlled server could submit a crafted certificate designed to trigger a NULL pointer dereference. If successful, the attacker could create a DoS condition. (Vulnerability ID: HWPSIRT-2014-0609) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3470 7. ECDSA NONCE Side-Channel Recovery Attack Vulnerability (CVE-2014-0076). An attacker with the ability to run an application on an affected device could recover portions of ECDSA cryptographic materials via a side-channel attack. This could allow the attacker to reconstruct encryption keys used for the protection of network communications. (Vulnerability ID: HWPSIRT-2014-0610) The NVD link is: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0076 The 7 vulnerabilities affect the Huawei products that use OpenSSL. Some Product have provided the fixed version. Impact Successful exploitation of these vulnerabilities may allow an attacker to perform a man-in-the-middle attack, create a denial of service condition, disclose sensitive information, or execute arbitrary code with elevated privileges. Vulnerability Scoring Details The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/). 1.CVE-2014-0224: Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) Temporal Score: 4.8 (E:F/RL:O/RC:C) Overall Score: 4.8 2.CVE-2014-0221: Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Temporal Score: 3.4 (E:P/RL:O/RC:C) Overall Score: 3.4 3.CVE-2014-0195: Base Score: 9.3(AV:N/AC:M/AU:N/C:C/I:C/A:C) Temporal Score: 7.7 (E:F/RL:O/RC:C) Overall Score: 7.7 4.CVE-2014-0198: Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Temporal Score: 3.4 (E:P/RL:O/RC:C) Overall Score: 3.4 5.CVE-2010-5298: Base Score: 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P) Temporal Score: 3.2 (E:P/RL:O/RC:C) Overall Score: 3.2 6.CVE-2014-3470: Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) Temporal Score: 3.4 (E:P/RL:O/RC:C) Overall Score: 3.4 7.CVE-2014-0221: Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Temporal Score: 3.4 (E:P/RL:O/RC:C) Overall Score: 3.4 Technique Details For additional details, customers are advised to reference the OpenSSL Project security advisory: http://www.openssl.org/news/secadv_20140605.txt Temporary Fix None Software Versions and Fixes Product Name Affected Version USG9300 USG9300 V100R003C00 USG9500 USG9500 V200R001 USG9500 USG9500 V300R001C01 USG9500 USG9500 V300R001C20 Solved version USG9500 V200R001C01SPH902 USG9500 V200R001C01SPH902 USG9500 V300R001C01SPC300 USG9500 V300R001C20SPH102 AnyOffice USG2000 Series USG5000 Series AVE2000 Series SVN2200 Series SVN5500 Series SVN3000 Series SVN5300 Series AnyOffice V200R002C10 V300R001C10SPC200 and earlier versions V300R001C10SPC200 and earlier versions All V100R001C00 versions V200R001C01SPC600 and earlier versions V200R001C01SPC600 and earlier versions V100R002C02SPC800 and earlier versions V200R001C00SPC500 and earlier versions SRG1200&2200&32 V100R002C02SPC800 and 00 Series earlier versions ASG2000 Series V100R001C10 and earlier versions NIP2000&5000 V100R002C10SPC100 and Series earlier versions V200R002C10L00003SP H002 V300R001C10SPH201 V300R001C10SPH201 V100R001C00SPH001 V200R001C01HP0001 V200R001C01HP0001 V100R002C02SPH804 V200R001C00SPH501 V100R002C02HP0001 V100R001C10SPH001 V100R002C10HP0001 Obtaining Fixed Software Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades, or obtain them through Huawei worldwide website at http://support.huawei.com/support/. For TAC contact information, please refer to the following links: TAC for Carrier Customers: http://support.huawei.com/support/pages/news/NewsInfoAction.do?actionFlag=view&doc_id=IN 0000034614&colID=ROOTENWEB%7CCO0000000169%7CCO0000003000. TAC for enterprise customers: http://support.huawei.com/enterprise/NewsReadAction.action?contentId=NEWS1000000563 TAC for Terminal Customers: http://www.huaweidevice.com/resource/mini/201107199604/FAQ_ServiceHotline_en/index.html http://www.huaweidevice.com/worldwide/netWorkPoint.do?method=index&directory Id=40 Exploitation and Vulnerability Source These vulnerabilities are disclosed by OpenSSL official website. Contact Channel for Technique Issue For security problems about Huawei products and solutions, please contact PSIRT@huawei.com. For general problems about Huawei products and solutions, please directly contact Huawei TAC (Huawei Technical Assistance Center) to request the configuration or technical assistance. Revision History 2014-06-20 V1.1 UPDATED Update the Software Versions and Fixes 2014-06-13 V1.0 INITIAL Declaration This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei. or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time. Huawei Security Procedures Complete information on providing feedback on security vulnerability of Huawei products, getting support for Huawei security incident response services, and obtaining Huawei security vulnerability information, is available on Huawei's worldwide website at http://www.huawei.com/en/security/psirt/. News End
