Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU)

high Nessus Plugin ID 84795
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The application installed on the remote host is affected by multiple vulnerabilities.

Description

The Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities :

- A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum.
(CVE-2010-1324)

- A NULL pointer deference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code.
(CVE-2015-1803)

- An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code.
(CVE-2014-8102)

- A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255)

- An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service.
(CVE-2015-0286)

- A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occurs before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts.
(CVE-2014-0230)

- A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227)

- A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages.
A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)

- An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581)

Solution

Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?d18c2a85

Plugin Details

Severity: High

ID: 84795

File Name: oracle_secure_global_desktop_jul_2015_cpu.nasl

Version: 1.9

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 7/16/2015

Updated: 10/25/2021

Dependencies: oracle_secure_global_desktop_installed.nbin

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:virtualization_secure_global_desktop

Required KB Items: Host/Oracle_Secure_Global_Desktop/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2015

Vulnerability Publication Date: 11/30/2010

Reference Information

CVE: CVE-2010-1324, CVE-2015-1803, CVE-2014-8102, CVE-2015-0255, CVE-2015-0286, CVE-2014-0230, CVE-2014-0227, CVE-2014-3571, CVE-2015-2581

BID: 45116, 71608, 71937, 72578, 72717, 73225, 73280, 74475, 75901