Information disclosure in Oracle VM Server for x86 and Oracle Linux - CVE-2016-8635

Published: October 1, 2016 / Updated: June 29, 2017
Vulnerability identifier: #VU4084
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2016-8635
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Oracle
Affected software:
Oracle VM Server for x86
Oracle Linux

Detailed vulnerability description

Hubert Kario discovered that NSS incorrectly handled Diffie-Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys.
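The defensive check that closes this class of flaw is to validate the peer's Diffie-Hellman public value before using it: reject values outside the open interval (1, p-1) and, when the subgroup order q is known, reject any value whose q-th power is not 1, since only such values lie in the intended prime-order subgroup. The following is an added example written for this page, not NSS code; the modulus p = 23, subgroup order q = 11 and generator g = 2 are constructed toy parameters (p = 2q + 1), and a real deployment would apply the same check to a large named group.

```python
# Added example (not NSS code): public-value validation that blocks a small
# subgroup confinement attack on a Diffie-Hellman key exchange.
# Constructed toy parameters: p = 2*q + 1 with p, q prime; G generates the
# subgroup of prime order q, so honest public values always satisfy y^q == 1.
P = 23   # constructed toy modulus
Q = 11   # prime order of the subgroup generated by G
G = 2    # 2^11 mod 23 == 1, so 2 has order 11 modulo 23


def validate_dh_public(y: int, p: int = P, q: int = Q) -> bool:
    """Return True only if y is an element of the order-q subgroup of Z_p^*.

    Rejecting y <= 1 and y >= p - 1 removes the order-1 and order-2 elements
    (1 and p - 1); the exponentiation then rejects every remaining value whose
    order is not q. Without this gate, a peer can send a low-order value so
    that the shared secret takes only a handful of possible values and leaks
    information about the private exponent.
    """
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


def shared_secret(peer_y: int, priv: int, p: int = P, q: int = Q) -> int:
    """Compute peer_y^priv mod p, refusing to use an unvalidated peer value."""
    if not validate_dh_public(peer_y, p, q):
        raise ValueError("peer DH public value is not in the expected subgroup")
    return pow(peer_y, priv, p)


def invalid_values_rejected() -> bool:
    """Confirm that the gate refuses the classic low-order inputs 0, 1 and p-1."""
    return all(not validate_dh_public(y) for y in (0, 1, P - 1, P))
```

For the toy group, 3 and 4 are accepted (both are powers of 2 modulo 23), while 5 is rejected because it has order 22 rather than 11.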

How to mitigate CVE-2016-8635


Sources