Test ID: | 1.3.6.1.4.1.25623.1.0.143949 |
Category: | Huawei |
Title: | Huawei Data Communication: Multiple OpenSSL Vulnerabilities in January 2017 (huawei-sa-20170503-01-openssl) |
Summary: | On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities. |
Description: | Summary: On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.

Vulnerability Insight: On January 26, 2017, the OpenSSL Software Foundation released a security advisory that included three new vulnerabilities.

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2017-02005) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3730.

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. (Vulnerability ID: HWPSIRT-2017-02006) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3731.

There is a vulnerability in the x86_64 Montgomery squaring procedure. If DH parameters are used and a private key is shared between multiple clients, a successful exploit could allow the attacker to access sensitive private key information. (Vulnerability ID: HWPSIRT-2017-02007) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-3732.

Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.

Vulnerability Impact: A successful exploit may cause OpenSSL to crash when connecting to a malicious server.

Affected Software/OS:
AC6005 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC300PWE V200R007C10SPH201 V200R007C10SPH301 V200R007C10SPH301PWE
AC6605 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC300PWE V200R007C10SPH201 V200R007C10SPH301 V200R007C10SPH301PWE
AP2000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600
AP3000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600
AP4000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600
AP6000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600
AP7000 versions V200R007C10SPC200 V200R007C10SPC300 V200R007C10SPC500 V200R007C10SPC600
IPS Module versions V500R001C30 V500R001C50 V500R001C50PWE
NGFW Module versions V500R002C00 V500R002C10 V500R002C10PWE
OceanStor 9000 versions V300R005C00
OceanStor Backup Software versions V200R001C00
RH5885 V3 versions V100R003C01 V100R003C10
Secospace AntiDDoS8000 versions V500R001C60SPC501 V500R001C60SPC600 V500R001C60SPH601 V500R005C00SPC100
Secospace AntiDDoS8030 versions V500R001C60SPC100 V500R001C60SPC300 V500R001C60SPC500 V500R001C80
Secospace USG6600 versions V500R001C30 V500R001C50 V500R001C50PWE
UPS2000 versions V100R002C02 V200R001C31 V200R001C90
USG9500 versions V500R001C30SPC100 V500R001C30SPC200
eSpace VCN3000 versions V100R002C10SPC103 V100R002C20SPC207

Solution: See the referenced vendor advisory for a solution.

CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-3730
BugTraq ID: 95812
http://www.securityfocus.com/bid/95812
https://www.exploit-db.com/exploits/41192/
https://security.gentoo.org/glsa/201702-07
https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securitytracker.com/id/1037717

Common Vulnerability Exposure (CVE) ID: CVE-2017-3731
BugTraq ID: 95813
http://www.securityfocus.com/bid/95813
Debian Security Information: DSA-3773
http://www.debian.org/security/2017/dsa-3773
FreeBSD Security Advisory: FreeBSD-SA-17:02
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21
RedHat Security Advisories: RHSA-2017:0286
http://rhn.redhat.com/errata/RHSA-2017-0286.html
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187

Common Vulnerability Exposure (CVE) ID: CVE-2017-3732
BugTraq ID: 95814
http://www.securityfocus.com/bid/95814
https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b
RedHat Security Advisories: RHSA-2018:2568
https://access.redhat.com/errata/RHSA-2018:2568
RedHat Security Advisories: RHSA-2018:2575
https://access.redhat.com/errata/RHSA-2018:2575
RedHat Security Advisories: RHSA-2018:2713
https://access.redhat.com/errata/RHSA-2018:2713 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |