CVE-2016-5285

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2779.html
http://www.ubuntu.com/usn/USN-3163-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
https://bto.bluecoat.com/security-advisory/sa137
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
https://security.gentoo.org/glsa/201701-46
http://www.securityfocus.com/bid/94349
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:avaya:aura_application_enablement_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_enablement_services:7.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp10.1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp11.1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.2:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r3:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r4:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r5:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:r6:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:17.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:breeze_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:iq:5.2.x:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.3:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_application_server_5300:3.0:sp12.5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager_messagint:7.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:7.0:sp:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:7.0:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:7.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_communication_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:avaya:cs1000e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:cs1000e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:avaya:cs1000m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:cs1000m:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:avaya:cs1000e\/cs1000m_signaling_server_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:cs1000e\/cs1000m_signaling_server:-:*:*:*:*:*:*:*

Configuration 9 (hide)

OR cpe:2.3:a:avaya:aura_conferencing:7.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:7.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp8:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_conferencing:8.0:sp9:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_experience_portal:*:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:a:avaya:ip_office:8.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:-:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp10:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp11:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp12:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp8:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:9.1:sp9:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:sp7:*:*:*:*:*:*
cpe:2.3:a:avaya:ip_office:10.0:-:*:*:*:*:*:*

Configuration 11 (hide)

OR cpe:2.3:a:avaya:aura_messaging:6.3:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:sp4:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_messaging:6.3.3:sp6:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0.1:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:proactive_contact:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp1:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:sp5:*:*:*:*:*:*
cpe:2.3:a:avaya:one-x_client_enablement_services:6.2:-:*:*:*:*:*:*
cpe:2.3:a:avaya:message_networking:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:meeting_exchange:6.2:sp3:*:*:*:*:*:*
cpe:2.3:a:avaya:meeting_exchange:6.2:-:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_utility_services:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:7.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:*:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:avaya:session_border_controller_for_enterprise_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:session_border_controller_for_enterprise:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:avaya:aura_system_platform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:avaya:aura_system_platform:-:*:*:*:*:*:*:*
Information

Published : 2019-11-15 08:15

Updated : 2020-01-09 12:15

NVD link : CVE-2016-5285

Mitre link : CVE-2016-5285

JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa
Products Affected

avaya

  • iq
  • aura_experience_portal
  • aura_system_manager
  • session_border_controller_for_enterprise_firmware
  • proactive_contact
  • aura_conferencing
  • cs1000e_firmware
  • aura_communication_manager_messagint
  • breeze_platform
  • aura_application_server_5300
  • cs1000e\/cs1000m_signaling_server
  • aura_session_manager
  • aura_system_platform
  • aura_system_platform_firmware
  • cs1000e
  • cs1000m
  • cs1000m_firmware
  • meeting_exchange
  • one-x_client_enablement_services
  • cs1000e\/cs1000m_signaling_server_firmware
  • message_networking
  • aura_application_enablement_services
  • session_border_controller_for_enterprise
  • aura_communication_manager
  • call_management_system
  • aura_utility_services
  • ip_office
  • aura_messaging

redhat

  • enterprise_linux

debian

  • debian_linux

suse

  • linux_enterprise_server

mozilla

  • nss