Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU)

High Nessus Plugin ID 84795

Synopsis

The application installed on the remote host is affected by multiple vulnerabilities.

Description

The Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities :

- A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum.
(CVE-2010-1324)

- A NULL pointer deference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code.
(CVE-2015-1803)

- An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code.
(CVE-2014-8102)

- A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255)

- An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.
(CVE-2015-0286)

- A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occurs before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts.
(CVE-2014-0230)

- A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227)

- A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.
A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)

- An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581)

Solution

Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?d18c2a85

Plugin Details

Severity: High

ID: 84795

File Name: oracle_secure_global_desktop_jul_2015_cpu.nasl

Version: 1.8

Type: local

Family: Misc.

Published: 2015/07/16

Updated: 2018/07/18

Dependencies: 70729

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:virtualization_secure_global_desktop

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/07/14

Vulnerability Publication Date: 2010/11/30

Reference Information

CVE: CVE-2010-1324, CVE-2015-1803, CVE-2014-8102, CVE-2015-0255, CVE-2015-0286, CVE-2014-0230, CVE-2014-0227, CVE-2014-3571, CVE-2015-2581

BID: 45116, 71608, 71937, 72578, 72717, 73225, 73280, 74475, 75901