Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.108772
Category:Huawei
Title:Huawei Data Communication: Sixteen OpenSSL Vulnerabilities on Some Huawei products (huawei-sa-20170322-01-openssl)
Summary:Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call.
Description:Summary:
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call.

Vulnerability Insight:
Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. (Vulnerability ID: HWPSIRT-2016-09065)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6309.Crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service by triggering a CRL operation. (Vulnerability ID: HWPSIRT-2016-09078)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-7052.Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service via large OCSP Status Request extensions. (Vulnerability ID: HWPSIRT-2016-09079)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6304.The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service by triggering a zero-length record in an SSL_peek call. (Vulnerability ID: HWPSIRT-2016-09080)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6305.The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a 'Sweet32' attack. (Vulnerability ID: HWPSIRT-2016-09081)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2183.Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09082)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6303.The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. (Vulnerability ID: HWPSIRT-2016-09083)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6302.The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09084)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2182.The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service via a crafted time-stamp file that is mishandled by the 'openssl ts' command. (Vulnerability ID: HWPSIRT-2016-09085)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2180.OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09086)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2177.The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. (Vulnerability ID: HWPSIRT-2016-09087)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2178.The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service by maintaining many crafted DTLS sessions simultaneously. (Vulnerability ID: HWPSIRT-2016-09088)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2179.The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 exist a vulnerability, which allows remote attackers to cause a denial of service. (Vulnerability ID: HWPSIRT-2016-09089)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-2181.The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service via crafted certificate operations. (Vulnerability ID: HWPSIRT-2016-09090)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6306.The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service via crafted TLS messages. (Vulnerability ID: HWPSIRT-2016-09091)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6307.Statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service via crafted DTLS messages. (Vulnerability ID: HWPSIRT-2016-09092)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-6308.Huawei has released software updates to fix these vulnerabilities. This advisory is available in the linked references.

Vulnerability Impact:
For technical details, customers are advised to check the references.

Affected Software/OS:
AC6005 versions V200R005C10

AC6605 versions V200R005C00 V200R005C10

AP5000 versions V200R007C10SPC300

AP5010SN-GN versions V200R005C10

AP5030DN versions V200R005C10

AP5130DN versions V200R005C10

AP6010SN-GN versions V200R005C10

AP6310SN-GN versions V200R005C10

AP6510DN-AGN versions V200R005C10

AP6610DN-AGN versions V200R005C10

AP7030DE versions V200R005C10 V200R005C20

AP7110DN-AGN versions V200R005C10

AP7110SN-GN versions V200R005C10

AP8030DN versions V200R005C10

AP8130DN versions V200R005C10

AP9330DN versions V200R005C20

AR3200 versions V200R008C10 V200R008C20

DP300 versions V500R002C00

E6000 versions V100R002C03

FusionManager versions V100R005C00

HiSTBAndroid versions Versions earlier than V600R001C00SPC066

IPC6112-D versions V100R001C10

IPC6611-Z30-I versions V100R001C00

OceanStor 9000 versions V100R001C01 V100R001C30 V300R005C00

OceanStor Backup Software versions V100R002C00

OceanStor UDS versions V100R002C00LVDF01 V1R2C01LHWS01RC3 V1R2C01LHWS01RC6

RH5885 V2 versions V100R001C01 V100R001C02

RH5885 V3 versions V100R003C01 V100R003C10

SMSC versions V300R002C90LG0005

SeMG9811 versions V300R001C01

TE30 versions V100R001C02B053SP02 V100R001C02B053SP03 V100R001C02SPC100 V100R001C02SPC100B011 V100R001C02SPC100B012 V100R001C02SPC100B013 V100R001C02SPC100B014 V100R001C02SPC100B015 V100R001C02SPC100B016 V100R001C02SPC100T V100R001C02SPC100TB010 V100R001C02SPC101T V100R001C02SPC101TB010 V100R001C02SPC102T V100R001C02SPC102TB010 V100R001C02SPC103T V100R001C02SPC103TB010 V100R001C02SPC200 V100R001C02SPC200B010 V100R001C02SPC200B011 V100R001C02SPC200T V100R001C02SPC200TB010 V100R001C02SPC201TB010 V100R001C02SPC202T V100R001C02SPC202TB010 V100R001C02SPC203T V100R001C02SPC300B010 V100R001C10 V100R001C10SPC100 V100R001C10SPC200B010 V100R001C10SPC300 V100R001C10SPC500 V100R001C10SPC600 V100R001C10SPC700B010 V100R001C10SPC800 V500R002C00SPC200 V500R002C00SPC500 V500R002C00SPC600 V500R002C00SPC700

TE40 versions V500R002C00SPC600 V500R002C00SPC700

TE60 versions V100R001C10 V500R002C00

USG9520 versions V200R001C01 V300R001C01 V300R001C20

USG9560 versions V200R001C01 V300R001C01 V300R001C20

USG9580 versions V200R001C01 V300R001C01 V300R001C20

VCM versions V100R001C10 V100R001C10SPC001 V100R001C10SPC002 V100R001C10SPC003 V100R001C10SPC004 V100R001C10SPC005 V100R001C10SPC006 V100R001C20

ViewPoint 9030 versions V100R011C02SPC100 V100R011C02SPC100B010 V100R011C03B012SP15 V100R011C03B012SP16 V100R011C03B015SP03 V100R011C03LGWL01SPC100 V100R011C03LGWL01SPC100B012 V100R011C03LGWL02SPC100T V100R011C03SPC100 V100R011C03SPC100B010 V100R011C03SPC100B011 V100R011C03SPC100B012 V100R011C03SPC100T V100R011C03SPC200 V100R011C03SPC200T V100R011C03SPC300 V100R011C03SPC400

eAPP610 versions V100R003C00

eLog versions V200R005C00SPC100 V200R005C00SPC101

eSpace 7910 versions V200R003C00

eSpace 7950 versions V200R003C00SPCf00 V200R003C30

eSpace 8950 versions V200R003C00

eSpace IAD versions V300R002C01SPCb00

eSpace U1981 versions V200R003C30

eSpace USM versions V100R001C10SPC105 V300R001C00

eSpace VCN3000 versions V100R002C00SPC100 V100R002C00SPC108 V100R002C00SPC109 V100R002C10B026 V100R002C10SPC001 V100R002C10SPC100 V100R002C10SPC100T V100R002C10SPC101 V100R002C10SPC101T V100R002C10SPC102 V100R002C10SPC102T V100R002C10SPC102TB011 V100R002C10SPC103 V100R002C10SPC103T V100R002C10SPC105T V100R002C10SPC106 V100R002C10SPC107 V100R002C10SPC107_B1253000 V100R002C10SPC108 V100R002C20B022 V100R002C20SPC001B012 V100R002C20SPC001T V100R002C20SPC100 V100R002C20SPC200 V100R002C20SPC201 V100R002C20SPC201T V100R002C20SPC201TB012

iBMC versions V100R002C10 V100R002C30 V200R002C20

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-6309
BugTraq ID: 93177
http://www.securityfocus.com/bid/93177
http://www.securitytracker.com/id/1036885
Common Vulnerability Exposure (CVE) ID: CVE-2016-7052
BugTraq ID: 93171
http://www.securityfocus.com/bid/93171
FreeBSD Security Advisory: FreeBSD-SA-16:26
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc
https://security.gentoo.org/glsa/201612-16
SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-6304
BugTraq ID: 93150
http://www.securityfocus.com/bid/93150
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
RedHat Security Advisories: RHSA-2016:1940
http://rhn.redhat.com/errata/RHSA-2016-1940.html
RedHat Security Advisories: RHSA-2016:2802
http://rhn.redhat.com/errata/RHSA-2016-2802.html
RedHat Security Advisories: RHSA-2017:1413
https://access.redhat.com/errata/RHSA-2017:1413
RedHat Security Advisories: RHSA-2017:1414
https://access.redhat.com/errata/RHSA-2017:1414
RedHat Security Advisories: RHSA-2017:1415
http://rhn.redhat.com/errata/RHSA-2017-1415.html
RedHat Security Advisories: RHSA-2017:1658
https://access.redhat.com/errata/RHSA-2017:1658
RedHat Security Advisories: RHSA-2017:1659
http://rhn.redhat.com/errata/RHSA-2017-1659.html
RedHat Security Advisories: RHSA-2017:1801
https://access.redhat.com/errata/RHSA-2017:1801
RedHat Security Advisories: RHSA-2017:1802
https://access.redhat.com/errata/RHSA-2017:1802
RedHat Security Advisories: RHSA-2017:2493
https://access.redhat.com/errata/RHSA-2017:2493
RedHat Security Advisories: RHSA-2017:2494
https://access.redhat.com/errata/RHSA-2017:2494
http://www.securitytracker.com/id/1036878
http://www.securitytracker.com/id/1037640
Common Vulnerability Exposure (CVE) ID: CVE-2016-6305
BugTraq ID: 93149
http://www.securityfocus.com/bid/93149
http://www.securitytracker.com/id/1036879
Common Vulnerability Exposure (CVE) ID: CVE-2016-2183
BugTraq ID: 92630
http://www.securityfocus.com/bid/92630
BugTraq ID: 95568
http://www.securityfocus.com/bid/95568
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697
http://www-01.ibm.com/support/docview.wss?uid=swg21991482
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
https://access.redhat.com/articles/2548661
https://access.redhat.com/security/cve/cve-2016-2183
https://bto.bluecoat.com/security-advisory/sa133
https://bugzilla.redhat.com/show_bug.cgi?id=1369383
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
https://kc.mcafee.com/corporate/index?page=content&id=SB10171
https://kc.mcafee.com/corporate/index?page=content&id=SB10310
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
https://security.netapp.com/advisory/ntap-20160915-0001/
https://security.netapp.com/advisory/ntap-20170119-0001/
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008
https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://www.tenable.com/security/tns-2016-16
https://www.tenable.com/security/tns-2016-20
https://www.tenable.com/security/tns-2016-21
https://www.tenable.com/security/tns-2017-09
https://security.gentoo.org/glsa/201701-65
https://security.gentoo.org/glsa/201707-01
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
https://sweet32.info/
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.sigsac.org/ccs/CCS2016/accepted-papers/
https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
RedHat Security Advisories: RHSA-2017:0336
http://rhn.redhat.com/errata/RHSA-2017-0336.html
RedHat Security Advisories: RHSA-2017:0337
http://rhn.redhat.com/errata/RHSA-2017-0337.html
RedHat Security Advisories: RHSA-2017:0338
http://rhn.redhat.com/errata/RHSA-2017-0338.html
RedHat Security Advisories: RHSA-2017:0462
http://rhn.redhat.com/errata/RHSA-2017-0462.html
RedHat Security Advisories: RHSA-2017:1216
https://access.redhat.com/errata/RHSA-2017:1216
RedHat Security Advisories: RHSA-2017:2708
https://access.redhat.com/errata/RHSA-2017:2708
RedHat Security Advisories: RHSA-2017:2709
https://access.redhat.com/errata/RHSA-2017:2709
RedHat Security Advisories: RHSA-2017:2710
https://access.redhat.com/errata/RHSA-2017:2710
RedHat Security Advisories: RHSA-2017:3113
https://access.redhat.com/errata/RHSA-2017:3113
RedHat Security Advisories: RHSA-2017:3114
https://access.redhat.com/errata/RHSA-2017:3114
RedHat Security Advisories: RHSA-2017:3239
https://access.redhat.com/errata/RHSA-2017:3239
RedHat Security Advisories: RHSA-2017:3240
https://access.redhat.com/errata/RHSA-2017:3240
RedHat Security Advisories: RHSA-2018:2123
https://access.redhat.com/errata/RHSA-2018:2123
RedHat Security Advisories: RHSA-2019:1245
https://access.redhat.com/errata/RHSA-2019:1245
RedHat Security Advisories: RHSA-2019:2859
https://access.redhat.com/errata/RHSA-2019:2859
RedHat Security Advisories: RHSA-2020:0451
https://access.redhat.com/errata/RHSA-2020:0451
http://www.securitytracker.com/id/1036696
Common Vulnerability Exposure (CVE) ID: CVE-2016-6303
BugTraq ID: 92984
http://www.securityfocus.com/bid/92984
Common Vulnerability Exposure (CVE) ID: CVE-2016-6302
BugTraq ID: 92628
http://www.securityfocus.com/bid/92628
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187
Common Vulnerability Exposure (CVE) ID: CVE-2016-2182
BugTraq ID: 92557
http://www.securityfocus.com/bid/92557
http://www.securitytracker.com/id/1036688
http://www.securitytracker.com/id/1037968
Common Vulnerability Exposure (CVE) ID: CVE-2016-2180
BugTraq ID: 92117
http://www.securityfocus.com/bid/92117
http://www.securitytracker.com/id/1036486
Common Vulnerability Exposure (CVE) ID: CVE-2016-2177
BugTraq ID: 91319
http://www.securityfocus.com/bid/91319
https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
RedHat Security Advisories: RHSA-2017:0193
https://access.redhat.com/errata/RHSA-2017:0193
RedHat Security Advisories: RHSA-2017:0194
https://access.redhat.com/errata/RHSA-2017:0194
http://www.securitytracker.com/id/1036088
Common Vulnerability Exposure (CVE) ID: CVE-2016-2178
BugTraq ID: 91081
http://www.securityfocus.com/bid/91081
http://eprint.iacr.org/2016/594.pdf
http://www.openwall.com/lists/oss-security/2016/06/08/2
http://www.openwall.com/lists/oss-security/2016/06/09/8
http://www.securitytracker.com/id/1036054
Common Vulnerability Exposure (CVE) ID: CVE-2016-2179
BugTraq ID: 92987
http://www.securityfocus.com/bid/92987
http://www.securitytracker.com/id/1036689
Common Vulnerability Exposure (CVE) ID: CVE-2016-2181
BugTraq ID: 92982
http://www.securityfocus.com/bid/92982
http://www.securitytracker.com/id/1036690
Common Vulnerability Exposure (CVE) ID: CVE-2016-6306
BugTraq ID: 93153
http://www.securityfocus.com/bid/93153
https://bto.bluecoat.com/security-advisory/sa132
https://git.openssl.org/?p=openssl.git;a=commit;h=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us
https://www.openssl.org/news/secadv/20160922.txt
Common Vulnerability Exposure (CVE) ID: CVE-2016-6307
BugTraq ID: 93152
http://www.securityfocus.com/bid/93152
Common Vulnerability Exposure (CVE) ID: CVE-2016-6308
BugTraq ID: 93151
http://www.securityfocus.com/bid/93151
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.