ID CVE-2016-8635
Summary It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:network_security_services:3.21.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:network_security_services:3.21.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 12-02-2023 - 23:26)
Impact:
Exploitability:
CWE CWE-358
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 1391818
title CVE-2016-8635 nss: small-subgroups attack flaw
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment nss is earlier than 0:3.21.3-2.el5_11
          oval oval:com.redhat.rhsa:tst:20162779001
        • comment nss is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925006
      • AND
        • comment nss-devel is earlier than 0:3.21.3-2.el5_11
          oval oval:com.redhat.rhsa:tst:20162779003
        • comment nss-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925008
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.21.3-2.el5_11
          oval oval:com.redhat.rhsa:tst:20162779005
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925010
      • AND
        • comment nss-tools is earlier than 0:3.21.3-2.el5_11
          oval oval:com.redhat.rhsa:tst:20162779007
        • comment nss-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20150925012
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment nss-util is earlier than 0:3.21.3-1.el6_8
          oval oval:com.redhat.rhsa:tst:20162779010
        • comment nss-util is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364016
      • AND
        • comment nss-util-devel is earlier than 0:3.21.3-1.el6_8
          oval oval:com.redhat.rhsa:tst:20162779012
        • comment nss-util-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364018
      • AND
        • comment nss is earlier than 0:3.21.3-2.el6_8
          oval oval:com.redhat.rhsa:tst:20162779014
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364006
      • AND
        • comment nss-devel is earlier than 0:3.21.3-2.el6_8
          oval oval:com.redhat.rhsa:tst:20162779016
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364008
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.21.3-2.el6_8
          oval oval:com.redhat.rhsa:tst:20162779018
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-sysinit is earlier than 0:3.21.3-2.el6_8
          oval oval:com.redhat.rhsa:tst:20162779020
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
      • AND
        • comment nss-tools is earlier than 0:3.21.3-2.el6_8
          oval oval:com.redhat.rhsa:tst:20162779022
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment nss-util is earlier than 0:3.21.3-1.1.el7_3
          oval oval:com.redhat.rhsa:tst:20162779025
        • comment nss-util is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364016
      • AND
        • comment nss-util-devel is earlier than 0:3.21.3-1.1.el7_3
          oval oval:com.redhat.rhsa:tst:20162779026
        • comment nss-util-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364018
      • AND
        • comment nss is earlier than 0:3.21.3-2.el7_3
          oval oval:com.redhat.rhsa:tst:20162779027
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364006
      • AND
        • comment nss-devel is earlier than 0:3.21.3-2.el7_3
          oval oval:com.redhat.rhsa:tst:20162779028
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364008
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.21.3-2.el7_3
          oval oval:com.redhat.rhsa:tst:20162779029
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364010
      • AND
        • comment nss-sysinit is earlier than 0:3.21.3-2.el7_3
          oval oval:com.redhat.rhsa:tst:20162779030
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364012
      • AND
        • comment nss-tools is earlier than 0:3.21.3-2.el7_3
          oval oval:com.redhat.rhsa:tst:20162779031
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20150364014
rhsa
id RHSA-2016:2779
released 2016-11-16
severity Moderate
title RHSA-2016:2779: nss and nss-util security update (Moderate)
rpms
  • nss-0:3.21.3-2.el5_11
  • nss-0:3.21.3-2.el6_8
  • nss-0:3.21.3-2.el7_3
  • nss-debuginfo-0:3.21.3-2.el5_11
  • nss-debuginfo-0:3.21.3-2.el6_8
  • nss-debuginfo-0:3.21.3-2.el7_3
  • nss-devel-0:3.21.3-2.el5_11
  • nss-devel-0:3.21.3-2.el6_8
  • nss-devel-0:3.21.3-2.el7_3
  • nss-pkcs11-devel-0:3.21.3-2.el5_11
  • nss-pkcs11-devel-0:3.21.3-2.el6_8
  • nss-pkcs11-devel-0:3.21.3-2.el7_3
  • nss-sysinit-0:3.21.3-2.el6_8
  • nss-sysinit-0:3.21.3-2.el7_3
  • nss-tools-0:3.21.3-2.el5_11
  • nss-tools-0:3.21.3-2.el6_8
  • nss-tools-0:3.21.3-2.el7_3
  • nss-util-0:3.21.3-1.1.el7_3
  • nss-util-0:3.21.3-1.el6_8
  • nss-util-debuginfo-0:3.21.3-1.1.el7_3
  • nss-util-debuginfo-0:3.21.3-1.el6_8
  • nss-util-devel-0:3.21.3-1.1.el7_3
  • nss-util-devel-0:3.21.3-1.el6_8
refmap via4
bid 94346
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8635
gentoo GLSA-201701-46
Last major update 12-02-2023 - 23:26
Published 01-08-2018 - 13:29
Last modified 12-02-2023 - 23:26
Back to Top