Huawei S5300EI HTTPS/FTP Server Memory Leak 拒绝服务漏洞

CVE编号

CVE-2015-8677

利用情况

暂无

补丁情况

N/A

披露时间

2016-04-15

漏洞描述

Huawei S5300EI是中国华为的S系列交换机产品。
多款Huawei产品HTTPS或SFTP服务器存在内存泄露漏洞，允许远程攻击者可通过登录和退出HTTPS或SFTP服务器消耗内存，进行拒绝服务攻击。

解决建议

用户可参考如下厂商提供的安全补丁以修复该漏洞：
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

参考链接
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	系统	huawei	s2300_firmware	*	From (including) v100r006c05	Up to (excluding) v100r006sph022
	运行在以下环境
	系统	huawei	s2350ei_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s2350ei_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph008
	运行在以下环境
	系统	huawei	s2350ei_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s3300_firmware	*	From (including) v100r006c05	Up to (excluding) v100r006sph022
	运行在以下环境
	系统	huawei	s5300ei_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5300ei_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph008
	运行在以下环境
	系统	huawei	s5300li_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5300li_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph008
	运行在以下环境
	系统	huawei	s5300li_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s5300si_firmware	*	From (including) v200r001c00	Up to (excluding) v200r001sph018
	运行在以下环境
	系统	huawei	s5300si_firmware	*	From (including) v200r002c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5310hi_firmware	*	From (including) v200r001c00	Up to (excluding) v200r001sph018
	运行在以下环境
	系统	huawei	s5310hi_firmware	*	From (including) v200r002c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5720ei_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s5720hi_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s6300ei_firmware	*	From (including) v200r001c00	Up to (excluding) v200r001sph018
	运行在以下环境
	系统	huawei	s6300ei_firmware	*	From (including) v200r002c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s7700_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s7700_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph009
	运行在以下环境
	系统	huawei	s7700_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph003
	运行在以下环境
	系统	huawei	s9300_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s9300_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph009
	运行在以下环境
	系统	huawei	s9300_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph003
	运行在以下环境
	系统	huawei	s9700_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s9700_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph009
	运行在以下环境
	系统	huawei	s9700_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph003
	运行在以下环境
	硬件	huawei	s2300	-	-
	运行在以下环境
	硬件	huawei	s2350ei	-	-
	运行在以下环境
	硬件	huawei	s3300	-	-
	运行在以下环境
	硬件	huawei	s5300ei	-	-
	运行在以下环境
硬件	huawei	s5300li	-	-
运行在以下环境
硬件	huawei	s5300si	-	-
运行在以下环境
硬件	huawei	s5310hi	-	-
运行在以下环境
硬件	huawei	s5720ei	-	-
运行在以下环境
硬件	huawei	s5720hi	-	-
运行在以下环境
硬件	huawei	s6300ei	-	-
运行在以下环境
硬件	huawei	s7700	-	-
运行在以下环境
硬件	huawei	s9300	-	-
运行在以下环境
硬件	huawei	s9700	-	-
查看完整数据

CVSS3评分 6.5

• 攻击路径 网络
• 攻击复杂度 低
• 权限要求 低
• 影响范围 未更改
• 用户交互 无
• 可用性 高
• 保密性 无
• 完整性 无

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-ID 漏洞类型 CWE-399 资源管理错误