Huawei : Huawei Data Communication: OpenSSL Montgomery multiplication may produce incorrect results Vulnerability (huawei-sa-20170419-01-openssl)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.108773

Category: Huawei

Title: Huawei Data Communication: OpenSSL Montgomery multiplication may produce incorrect results Vulnerability (huawei-sa-20170419-01-openssl)

Summary: There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits.

Description: Summary:
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits.

Vulnerability Insight:
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. and may produce incorrect results. (Vulnerability ID: HWPSIRT-2016-11044)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-7055.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references.

Vulnerability Impact:
Successful exploitation of the vulnerability allows producing incorrect results.

Affected Software/OS:
AP5030DN versions V200R007C00SPC100 V200R007C10 V200R007C10SPC100 V200R007C10SPC200

TE60 versions V600R006C00

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
2.6

CVSS Vector:
AV:N/AC:H/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-7055
BugTraq ID: 94242
http://www.securityfocus.com/bid/94242
FreeBSD Security Advisory: FreeBSD-SA-17:02
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc
https://security.gentoo.org/glsa/201702-07
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
RedHat Security Advisories: RHSA-2018:2185
https://access.redhat.com/errata/RHSA-2018:2185
RedHat Security Advisories: RHSA-2018:2186
https://access.redhat.com/errata/RHSA-2018:2186
RedHat Security Advisories: RHSA-2018:2187
https://access.redhat.com/errata/RHSA-2018:2187
http://www.securitytracker.com/id/1037261

Copyright Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.108773
Category:	Huawei
Title:	Huawei Data Communication: OpenSSL Montgomery multiplication may produce incorrect results Vulnerability (huawei-sa-20170419-01-openssl)
Summary:	There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits.
Description:	Summary: There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. Vulnerability Insight: There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure that handles input lengths divisible by, but longer than 256 bits. and may produce incorrect results. (Vulnerability ID: HWPSIRT-2016-11044)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-7055.Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Vulnerability Impact: Successful exploitation of the vulnerability allows producing incorrect results. Affected Software/OS: AP5030DN versions V200R007C00SPC100 V200R007C10 V200R007C10SPC100 V200R007C10SPC200 TE60 versions V600R006C00 Solution: See the referenced vendor advisory for a solution. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7055 BugTraq ID: 94242 http://www.securityfocus.com/bid/94242 FreeBSD Security Advisory: FreeBSD-SA-17:02 https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc https://security.gentoo.org/glsa/201702-07 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html RedHat Security Advisories: RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 RedHat Security Advisories: RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 RedHat Security Advisories: RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 http://www.securitytracker.com/id/1037261
Copyright	Copyright (C) 2020 Greenbone Networks GmbH