Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The application installed on the remote host is affected by multiple
vulnerabilities.

Description :

The Oracle Secure Global Desktop installed on the remote host is
version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the
following vulnerabilities :

- A security bypass vulnerability exists in Kerberos 5 due
to a failure to properly determine the acceptability of
checksums. A remote attacker can exploit this to forge
tokens or gain privileges by using an unkeyed checksum.
(CVE-2010-1324)

- A NULL pointer dereference flaw exists in the function
bdfReadCharacters() in file bdfread.c of the X.Org
libXfont module due to improper handling of non-readable
character bitmaps. An authenticated, remote attacker,
using a crafted BDF font file, can exploit this to
cause a denial of service or execute arbitrary code.
(CVE-2015-1803)

- An out-of-bounds read/write error exists in the
SProcXFixesSelectSelectionInput() function in the
XFixes extension. A remote, authenticated attacker,
using a crafted length value, can exploit this to
cause a denial of service or execute arbitrary code.
(CVE-2014-8102)

- A remote attacker, by using a crafted string length
value in an XkbSetGeometry request, can gain access to
sensitive information from process memory or cause a
denial of service. (CVE-2015-0255)

- An invalid read error exists in the ASN1_TYPE_cmp()
function due to improperly performed boolean-type
comparisons. A remote attacker can exploit this, via a
crafted X.509 certificate to an endpoint that uses the
certificate-verification feature, to cause an invalid
read operation, resulting in a denial of service.
(CVE-2015-0286)

- A denial of service vulnerability exists in Apache
Tomcat due to improper handling of HTTP responses
that occur before finishing reading an entire request
body. A remote attacker can exploit this by using a
crafted series of aborted upload attempts.
(CVE-2014-0230)

- A denial of service vulnerability exists in Apache
Tomcat in ChunkedInputFilter.java due to improper
handling of attempts to read data after an error has
occurred. A remote attacker can exploit this by
streaming data with malformed chunked-transfer
encoding. (CVE-2014-0227)

- A NULL pointer dereference flaw exists in the
dtls1_get_record() function when handling DTLS messages.
A remote attacker, using a specially crafted DTLS
message, can cause a denial of service. (CVE-2014-3571)

- An unspecified flaw exists that is related to the
JServer subcomponent. A remote attacker can exploit this
to impact confidentiality and integrity. No further
details have been provided. (CVE-2015-2581)

See also :

http://www.nessus.org/u?d18c2a85

Solution :

Apply the appropriate patch according to the July 2015 Oracle
Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
