CVE-2016-5285
📋 TL;DR
This CVE describes a null pointer dereference vulnerability in Mozilla Network Security Services (NSS) that allows remote attackers to cause denial of service by triggering a crash. It affects systems using vulnerable versions of NSS for cryptographic operations, particularly in SSL/TLS implementations. The vulnerability is exploitable by malicious users who can send specially crafted network traffic.
💻 Affected Systems
- Mozilla Network Security Services (NSS)
- Applications using NSS libraries
- Firefox (indirectly through NSS)
- Red Hat Enterprise Linux
- SUSE Linux Enterprise Server
- Other Linux distributions with vulnerable NSS packages
📦 What is this software?
Aura Application Enablement Services by Avaya
Aura Communication Manager Messaging by Avaya
Cs1000e/cs1000m Signaling Server Firmware by Avaya
Iq by Avaya
Nss by Mozilla
One X Client Enablement Services by Avaya
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption through application crash, potentially affecting the availability of SSL/TLS-dependent services such as web servers, mail servers, or VPNs.
Likely Case
Denial of service through application crash requiring restart of affected services, with potential for repeated attacks causing sustained downtime.
If Mitigated
Minimal impact if patched; unpatched systems remain vulnerable to DoS attacks but no data compromise or privilege escalation occurs.
🎯 Exploit Status
The vulnerability requires sending specially crafted network traffic to trigger the null pointer dereference. No authentication is needed, making it relatively easy to exploit for DoS purposes.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: NSS 3.26.2 and later
Vendor Advisory: http://rhn.redhat.com/errata/RHSA-2016-2779.html
Restart Required: Yes
Instructions:
1. Update NSS packages using your distribution's package manager.
2. For Red Hat systems: 'yum update nss nss-util nss-sysinit nss-tools'.
3. For SUSE systems: 'zypper update nss'.
4. Restart affected services using NSS libraries.
🔧 Temporary Workarounds
Network filtering
Implement network filtering to block malicious traffic patterns that might trigger the vulnerability
Service isolation
Isolate vulnerable services behind load balancers or firewalls to limit exposure
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can communicate with vulnerable services
- Monitor for abnormal service crashes and implement automated restart mechanisms
🔍 How to Verify
Check if Vulnerable:
Check the NSS version: 'rpm -q nss' (RHEL/CentOS), 'dpkg -l | grep nss' (Debian/Ubuntu) or 'zypper info nss' (SUSE). If the version is earlier than 3.26.2, the system is vulnerable.
Check Version:
rpm -q nss --queryformat '%{VERSION}'
Verify Fix Applied:
Verify NSS version is 3.26.2 or later using the same commands, then test SSL/TLS functionality of affected services.
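The version check above, as an added example script that is not part of this advisory. It strips the distro epoch and release suffix from the package version and compares the remaining dotted number against the upstream fix 3.26.2 named above; the package names (nss for rpm, libnss3 for dpkg) are the usual distribution names and are assumptions here. Note that distributions often backport fixes into older version numbers, so a package version below 3.26.2 should be checked against the distribution's own advisory (such as the RHSA listed above) before being treated as vulnerable.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify an installed NSS package
# version against the upstream fixed release named above (3.26.2).
# Assumptions: version strings are dotted integers, optionally carrying a
# Debian epoch ("2:") or a distro release suffix ("-1.el7"), both stripped
# before comparison. Package names (nss for rpm, libnss3 for dpkg) are the
# usual distro names, not taken from the advisory.

FIXED_NSS_VERSION="3.26.2"

# Reduce a package version such as "2:3.26.2-1.el7" to the upstream "3.26.2".
upstream_version() {
    v=${1#*:}          # drop epoch
    v=${v%%-*}         # drop distro release
    printf '%s\n' "$v"
}

# Succeed (exit 0) when dotted version $1 is strictly older than $2.
# Missing trailing components count as 0, so 3.26 is older than 3.26.2.
version_lt() {
    i=1
    while :; do
        a=$(printf '%s\n' "$1" | awk -F. -v i="$i" '{ print $i }')
        b=$(printf '%s\n' "$2" | awk -F. -v i="$i" '{ print $i }')
        if [ -z "$a" ] && [ -z "$b" ]; then
            return 1   # every component compared equal
        fi
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
        i=$((i + 1))
    done
}

# Print "vulnerable", "fixed" or "unknown" for a package version string.
nss_status_for_version() {
    v=$(upstream_version "$1")
    case "$v" in
        ''|*[!0-9.]*) printf 'unknown\n'; return 0 ;;
    esac
    if version_lt "$v" "$FIXED_NSS_VERSION"; then
        printf 'vulnerable\n'
    else
        printf 'fixed\n'
    fi
}

# Read the installed version via rpm (RHEL/CentOS/SUSE) or dpkg (Debian/Ubuntu).
installed_nss_version() {
    if command -v rpm >/dev/null 2>&1 && rpm -q nss >/dev/null 2>&1; then
        rpm -q nss --queryformat '%{VERSION}-%{RELEASE}\n' | head -n 1
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' libnss3 2>/dev/null
    fi
}

# Report the local package; always exits 0 so it can be chained in scripts.
check_installed_nss() {
    v=$(installed_nss_version)
    if [ -z "$v" ]; then
        printf 'nss: package not found via rpm or dpkg\n'
    else
        printf 'nss %s: %s against upstream fix %s\n' \
            "$v" "$(nss_status_for_version "$v")" "$FIXED_NSS_VERSION"
    fi
    return 0
}

check_installed_nss
```

Run it on the host to get a one-line status, or source it and call nss_status_for_version with a version string pulled from an inventory system.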
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults in NSS-related processes
- SSL/TLS handshake failures
- Service restarts without clear cause
Network Indicators:
- Unusual SSL/TLS traffic patterns
- Repeated connection attempts to SSL/TLS ports
SIEM Query:
source="*" ("segmentation fault" OR "null pointer" OR "SIGSEGV") AND process="*nss*"
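The log indicators above, turned into a small detector as an added example that is not part of this advisory. It scans syslog or journalctl text for the kernel's "segfault at" records, keeps only crashes inside NSS shared libraries (libnss3, libssl3, libsmime3, libnssutil3, libsoftokn3, libfreebl3), and reports per process how many crashes occurred and how many faulted on the null page (address below 0x1000), which is the signature of a null pointer dereference and is sharper than the plain "segmentation fault" match in the SIEM query. The sample log lines, host, process and PID values are constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the advisory: scan syslog/journal text for kernel
# "segfault at" records where the faulting process crashed inside an NSS
# shared library, and report how often each process crashed and how many of
# those faults hit the null page (address below 0x1000), which is what a
# null pointer dereference looks like. The log lines are constructed samples
# in the standard Linux kernel segfault format; host, process and PID values
# are assumptions, not indicators taken from the advisory.

SAMPLE_LOG='Nov 18 10:01:02 web1 kernel: httpd[2310]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffc2c1a9f20 error 4 in libnss3.so[7f3a1c280000+150000]
Nov 18 10:01:05 web1 systemd[1]: httpd.service: main process exited, code=killed, status=11/SEGV
Nov 18 10:01:40 web1 kernel: httpd[2398]: segfault at 0 ip 00007f3a1c2b4e10 sp 00007ffc2c1a9f20 error 4 in libnss3.so[7f3a1c280000+150000]
Nov 18 10:02:11 web1 kernel: httpd[2451]: segfault at 7f3a1c9000a0 ip 00007f3a1c4a1e20 sp 00007ffc2c1a9f20 error 4 in libssl3.so[7f3a1c400000+80000]
Nov 18 10:03:00 web1 kernel: python3[3000]: segfault at 7f00deadbeef ip 0000560012345678 sp 00007ffc2c1a9f20 error 6 in python3.6[560012300000+200000]
Nov 18 10:04:00 web1 sshd[4000]: Accepted publickey for admin from 10.0.0.5 port 51234 ssh2'

# Read log lines on stdin; print "PROCESS segfaults=N nullpage=M" for every
# process with at least $1 (default 1) crashes inside an NSS library.
nss_segfaults() {
    min=${1:-1}
    awk -v min="$min" '
        /kernel: .*segfault at / {
            # syslog layout: MON DAY TIME HOST kernel: PROC[PID]: segfault at ...
            proc = $6; sub(/\[.*/, "", proc)
            addr = ""; lib = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "at") addr = $(i + 1)
                if ($i == "in") lib = $(i + 1)
            }
            sub(/\[.*/, "", lib)
            # shared libraries that ship as part of NSS
            if (lib ~ /^lib(nss3|ssl3|smime3|nssutil3|softokn3|freebl3)\.so/) {
                count[proc]++
                # one to three hex digits: fault address < 0x1000, the null page
                if (addr ~ /^[0-9a-f][0-9a-f]?[0-9a-f]?$/) nullpage[proc]++
            }
        }
        END {
            for (p in count)
                if (count[p] >= min)
                    printf "%s segfaults=%d nullpage=%d\n", p, count[p], nullpage[p] + 0
        }
    ' | sort
}

# Run the detector over the constructed sample; the python3 crash is ignored
# because it did not fault inside an NSS library.
scan_sample() {
    printf '%s\n' "$SAMPLE_LOG" | nss_segfaults "${1:-1}"
}

scan_sample
```

On a live host, feed it real input with `journalctl -k | nss_segfaults 2` to list only processes that crashed in NSS at least twice, which matches the "repeated attacks causing sustained downtime" case described under Likely Case.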
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html
- http://rhn.redhat.com/errata/RHSA-2016-2779.html
- http://www.securityfocus.com/bid/94349
- http://www.ubuntu.com/usn/USN-3163-1
- https://bto.bluecoat.com/security-advisory/sa137
- https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
- https://security.gentoo.org/glsa/201701-46