English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.107831
Kategorie:Huawei
Titel:Huawei Data Communication: OpenSSL Vulnerability in Some Huawei Products (huawei-sa-20180613-01-openssl)
Zusammenfassung:Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion.
Beschreibung:Summary:
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion.

Vulnerability Insight:
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit could result in a Denial Of Service attack. (Vulnerability ID: HWPSIRT-2018-03073)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2018-0739.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.

Vulnerability Impact:
Successful exploit could result in a Denial Of Service attack.

Affected Software/OS:
AR3200 versions V200R008C20

AnyOffice versions 2.5.0501.0290

EulerOS versions V200R005C00

FusionSphere OpenStack versions 6.5.0 6.5.RC1 6.5.RC2 V100R006C00 V100R006C10 V100R006C30

OceanStor 5300 V3 versions V300R006C10

OceanStor 5500 V3 versions V300R006C10

OceanStor 5600 V3 versions V300R006C10

OceanStor 5800 V3 versions V300R006C10

OceanStor 6800 V3 versions V300R006C10

OceanStor 9000 versions V300R005C00 V300R006C00 V300R006C10 V300R006C20

OceanStor ReplicationDirector versions V200R001C00 V200R001C20

OceanStor UDS versions V1R2C01LHWS01RC3 V1R2C01LHWS01RC6

SMC2.0 versions V500R002C00 V600R006C00 V600R006C10

eSpace VCN3000 versions V100R002C10 V100R002C20

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-0739
BugTraq ID: 103518
http://www.securityfocus.com/bid/103518
BugTraq ID: 105609
http://www.securityfocus.com/bid/105609
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
https://security.netapp.com/advisory/ntap-20180330-0002/
https://security.netapp.com/advisory/ntap-20180726-0002/
https://securityadvisories.paloaltonetworks.com/Home/Detail/133
https://www.openssl.org/news/secadv/20180327.txt
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-04
https://www.tenable.com/security/tns-2018-06
https://www.tenable.com/security/tns-2018-07
Debian Security Information: DSA-4157 (Google Search)
https://www.debian.org/security/2018/dsa-4157
Debian Security Information: DSA-4158 (Google Search)
https://www.debian.org/security/2018/dsa-4158
https://security.gentoo.org/glsa/201811-21
https://security.gentoo.org/glsa/202007-53
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html
RedHat Security Advisories: RHSA-2018:3090
https://access.redhat.com/errata/RHSA-2018:3090
RedHat Security Advisories: RHSA-2018:3221
https://access.redhat.com/errata/RHSA-2018:3221
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
RedHat Security Advisories: RHSA-2019:0366
https://access.redhat.com/errata/RHSA-2019:0366
RedHat Security Advisories: RHSA-2019:0367
https://access.redhat.com/errata/RHSA-2019:0367
RedHat Security Advisories: RHSA-2019:1711
https://access.redhat.com/errata/RHSA-2019:1711
RedHat Security Advisories: RHSA-2019:1712
https://access.redhat.com/errata/RHSA-2019:1712
http://www.securitytracker.com/id/1040576
https://usn.ubuntu.com/3611-1/
https://usn.ubuntu.com/3611-2/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.