Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU)

high Nessus Plugin ID 84795

Synopsis

The application installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Oracle Secure Global Desktop installed on the remote host is 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities:

- A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum. (CVE-2010-1324)

- A NULL pointer dereference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2015-1803)

- An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-8102)

- A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255)

- An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)

- A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occur before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts. (CVE-2014-0230)

- A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227)

- A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571)

- An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581)

Solution

Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?d18c2a85

Plugin Details

Severity: High

ID: 84795

File Name: oracle_secure_global_desktop_jul_2015_cpu.nasl

Version: 1.9

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 7/16/2015

Updated: 10/25/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:virtualization_secure_global_desktop

Required KB Items: Host/Oracle_Secure_Global_Desktop/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2015

Vulnerability Publication Date: 11/30/2010

Reference Information

CVE: CVE-2010-1324, CVE-2014-0227, CVE-2014-0230, CVE-2014-3571, CVE-2014-8102, CVE-2015-0255, CVE-2015-0286, CVE-2015-1803, CVE-2015-2581

BID: 45116, 71608, 71937, 72578, 72717, 73225, 73280, 74475, 75901