#VU4083 Improper input validation in Oracle VM Server for x86 and Oracle Linux - CVE-2016-5285

Cybersecurity Help s.r.o.

Published: 2016-10-01 | Updated: 2017-06-29

Vulnerability identifier: #VU4083

Vulnerability risk: Low

CVSSv4.0: N/A

CVE-ID: CVE-2016-5285

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle VM Server for x86
Server applications / Other server solutions
Oracle Linux
Operating systems & Components / Operating system

Vendor: Oracle

Description
It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service.

Vulnerable software versions

Oracle VM Server for x86: 3.3 - 3.4

Oracle Linux: 5 - 7

External links
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM FlashSystem models 840 and 900

Multiple vulnerabilities in SAN Volume Controller, Storwize family and FlashSystem V9000 products

Ubuntu update for NSS