阿里云漏洞库

漏洞描述

Huawei S5300EI是中国华为的S系列交换机产品。

多款Huawei产品HTTPS或SFTP服务器存在内存泄露漏洞，允许远程攻击者可通过登录和退出HTTPS或SFTP服务器消耗内存，进行拒绝服务攻击。

解决建议

用户可参考如下厂商提供的安全补丁以修复该漏洞：
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

参考链接
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160113-03-switch-en

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	huawei	s2300_firmware	*	From (including) v100r006c05	Up to (excluding) v100r006sph022
	运行在以下环境
	系统	huawei	s2350ei_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s2350ei_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph008
	运行在以下环境
	系统	huawei	s2350ei_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s3300_firmware	*	From (including) v100r006c05	Up to (excluding) v100r006sph022
	运行在以下环境
	系统	huawei	s5300ei_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5300ei_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph008
	运行在以下环境
	系统	huawei	s5300li_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5300li_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph008
	运行在以下环境
	系统	huawei	s5300li_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s5300si_firmware	*	From (including) v200r001c00	Up to (excluding) v200r001sph018
	运行在以下环境
	系统	huawei	s5300si_firmware	*	From (including) v200r002c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5310hi_firmware	*	From (including) v200r001c00	Up to (excluding) v200r001sph018
	运行在以下环境
	系统	huawei	s5310hi_firmware	*	From (including) v200r002c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s5720ei_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s5720hi_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph002
	运行在以下环境
	系统	huawei	s6300ei_firmware	*	From (including) v200r001c00	Up to (excluding) v200r001sph018
	运行在以下环境
	系统	huawei	s6300ei_firmware	*	From (including) v200r002c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s7700_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s7700_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph009
	运行在以下环境
	系统	huawei	s7700_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph003
	运行在以下环境
	系统	huawei	s9300_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s9300_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph009
	运行在以下环境
	系统	huawei	s9300_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph003
	运行在以下环境
	系统	huawei	s9700_firmware	*	From (including) v200r003c00	Up to (excluding) v200r003sph011
	运行在以下环境
	系统	huawei	s9700_firmware	*	From (including) v200r005c00	Up to (excluding) v200r005sph009
	运行在以下环境
	系统	huawei	s9700_firmware	*	From (including) v200r006c00	Up to (excluding) v200r006sph003
	运行在以下环境
	硬件	huawei	s2300	-	-
	运行在以下环境
	硬件	huawei	s2350ei	-	-
	运行在以下环境
	硬件	huawei	s3300	-	-
	运行在以下环境
	硬件	huawei	s5300ei	-	-
	运行在以下环境
硬件	huawei	s5300li	-	-
运行在以下环境
硬件	huawei	s5300si	-	-
运行在以下环境
硬件	huawei	s5310hi	-	-
运行在以下环境
硬件	huawei	s5720ei	-	-
运行在以下环境
硬件	huawei	s5720hi	-	-
运行在以下环境
硬件	huawei	s6300ei	-	-
运行在以下环境
硬件	huawei	s7700	-	-
运行在以下环境
硬件	huawei	s9300	-	-
运行在以下环境
硬件	huawei	s9700	-	-

攻击路径

网络
攻击复杂度

低
权限要求

低
影响范围

未更改
用户交互

无
可用性

高
保密性

无
完整性

无

CWE-ID	漏洞类型
CWE-399	资源管理错误

Huawei S5300EI HTTPS/FTP Server Memory Leak 拒绝服务漏洞

漏洞描述

解决建议

参考链接

受影响软件情况