cnvd-2016-11666
Vulnerability from cnvd

Title: 华为部分交换机存在整数溢出漏洞

Description:

Huawei CloudEngine 12800、CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800为华为的交换机设备。

华为部分交换机存在整数溢出漏洞。由于未对IPFPM报文中的特定字段进行校验,未经认证的远程攻击者利用漏洞可向目标设备发送特定的IPFPM报文,可能导致设备重启。

Severity:

Patch Name: 华为部分交换机存在整数溢出漏洞的补丁

Patch Description:

Huawei CloudEngine 12800、CloudEngine 5800、CloudEngine 6800、CloudEngine 7800、CloudEngine 8800为华为的交换机设备。

华为部分交换机存在整数溢出漏洞。由于未对IPFPM报文中的特定字段进行校验,未经认证的远程攻击者利用漏洞可向目标设备发送特定的IPFPM报文,可能导致设备重启。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。

Formal description:

厂商已提供漏洞修补方案,请关注如下链接及时更新: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn

Reference: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn

Impacted products
Name
['Huawei CloudEngine 12800 V100R003C00', 'Huawei CloudEngine 12800 V100R003C10', 'Huawei CloudEngine 12800 V100R005C00', 'Huawei CloudEngine 12800 V100R005C10', 'Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 5800 V100R003C10', 'Huawei CloudEngine 5800 V100R005C00', 'Huawei CloudEngine 5800 V100R005C10', 'Huawei CloudEngine 5800 V100R006C00', 'Huawei CloudEngine 6800 V100R003C10', 'Huawei CloudEngine 6800 V100R005C00', 'Huawei CloudEngine 6800 V100R005C10', 'Huawei CloudEngine 6800 V100R006C00', 'Huawei CloudEngine 7800 V100R003C10', 'Huawei CloudEngine 7800 V100R005C00', 'Huawei CloudEngine 7800 V100R005C10', 'Huawei CloudEngine 7800 V100R006C00', 'Huawei CloudEngine 8800 V100R006C00', 'Huawei CloudEngine 12800 V100R002C00', 'Huawei CloudEngine 5800 V100R002C00', 'Huawei CloudEngine 5800 V100R003C00', 'Huawei CloudEngine 6800 V100R002C00', 'Huawei CloudEngine 6800 V100R003C00', 'Huawei CloudEngine 7800 V100R003C00']
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "94504"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8795"
    }
  },
  "description": "Huawei CloudEngine 12800\u3001CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u4e3a\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u5bf9IPFPM\u62a5\u6587\u4e2d\u7684\u7279\u5b9a\u5b57\u6bb5\u8fdb\u884c\u6821\u9a8c\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u7279\u5b9a\u7684IPFPM\u62a5\u6587\uff0c\u53ef\u80fd\u5bfc\u81f4\u8bbe\u5907\u91cd\u542f\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5982\u4e0b\u94fe\u63a5\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-11666",
  "openTime": "2016-11-30",
  "patchDescription": "Huawei CloudEngine 12800\u3001CloudEngine 5800\u3001CloudEngine 6800\u3001CloudEngine 7800\u3001CloudEngine 8800\u4e3a\u534e\u4e3a\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002\r\n\r\n\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7531\u4e8e\u672a\u5bf9IPFPM\u62a5\u6587\u4e2d\u7684\u7279\u5b9a\u5b57\u6bb5\u8fdb\u884c\u6821\u9a8c\uff0c\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u7279\u5b9a\u7684IPFPM\u62a5\u6587\uff0c\u53ef\u80fd\u5bfc\u81f4\u8bbe\u5907\u91cd\u542f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei CloudEngine 12800 V100R003C00",
      "Huawei CloudEngine 12800 V100R003C10",
      "Huawei CloudEngine 12800 V100R005C00",
      "Huawei CloudEngine 12800 V100R005C10",
      "Huawei CloudEngine 12800 V100R006C00",
      "Huawei CloudEngine 5800 V100R003C10",
      "Huawei CloudEngine 5800 V100R005C00",
      "Huawei CloudEngine 5800 V100R005C10",
      "Huawei CloudEngine 5800 V100R006C00",
      "Huawei CloudEngine 6800 V100R003C10",
      "Huawei CloudEngine 6800 V100R005C00",
      "Huawei CloudEngine 6800 V100R005C10",
      "Huawei CloudEngine 6800 V100R006C00",
      "Huawei CloudEngine 7800 V100R003C10",
      "Huawei CloudEngine 7800 V100R005C00",
      "Huawei CloudEngine 7800 V100R005C10",
      "Huawei CloudEngine 7800 V100R006C00",
      "Huawei CloudEngine 8800 V100R006C00",
      "Huawei CloudEngine 12800 V100R002C00",
      "Huawei CloudEngine 5800 V100R002C00",
      "Huawei CloudEngine 5800 V100R003C00",
      "Huawei CloudEngine 6800 V100R002C00",
      "Huawei CloudEngine 6800 V100R003C00",
      "Huawei CloudEngine 7800 V100R003C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20161123-01-vrp-cn",
  "serverity": "\u4f4e",
  "submitTime": "2016-11-28",
  "title": "\u534e\u4e3a\u90e8\u5206\u4ea4\u6362\u673a\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.