Red Hat update for thunderbird
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-5257 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Workstation Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Arbitrary code execution
EUVDB-ID: #VU606
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5257
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability may lead to arbitrary code execution on the target system.
The weakness is caused by memory safety bugs. A memory corruption allows attackers to execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from vendor's website.
Red Hat Enterprise Linux for IBM z Systems: 6
Red Hat Enterprise Linux Desktop: 5 - 7
Red Hat Enterprise Linux Workstation: 6 - 7
Red Hat Enterprise Linux Server: 6.0 - v.5
CPE2.3- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:5:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:6:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:6.0:*:*:*:*:red_hat_enterprise_linux:*:
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:v.5:*:*:*:*:red_hat_enterprise_linux:*:
http://access.redhat.com/errata/RHSA-2016:1985
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
