SB2019011707 - Multiple vulnerabilities in Oracle Sun Systems Products Suite
Published: January 17, 2019
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Deserialization of untrusted data (CVE-ID: CVE-2017-5645)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists when serialized log events are received from another application while using the TCP socket server or UDP socket server. A remote attacker can submit a specially crafted binary payload that, when deserialized, executes arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Out-of-bounds write (CVE-ID: CVE-2018-12759)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDF files. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Information disclosure (CVE-ID: CVE-2016-0635)
The vulnerability allows a remote attacker to obtain potentially sensitive information. The vulnerability exists in the Primavera P6 Enterprise Project Portfolio Management Web Access component. A remote authenticated attacker can gain elevated privileges by exploiting a flaw in the Primavera P6 Enterprise Project Portfolio Management Web Access component.
Successful exploitation of this vulnerability may result in disclosure of system information.
4) Information disclosure (CVE-ID: CVE-2018-3646)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists on systems with microprocessors utilizing speculative execution and address translations due to an error in the hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and side-channel analysis.
5) Speculative Store Bypass (CVE-ID: CVE-2018-3639)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.
Note: the vulnerability is referred to as "Spectre variant 4".
6) Denial of service (CVE-ID: CVE-2019-2545)
The vulnerability allows a local unauthenticated attacker to cause a DoS condition. The weakness exists due to an unspecified flaw in the LDoms IO component. A local attacker can cause the service to crash.
7) Information disclosure (CVE-ID: CVE-2019-2544)
The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information. The weakness exists due to an unspecified flaw in the Kernel component. A local attacker can read arbitrary files.
8) Information disclosure (CVE-ID: CVE-2019-2543)
The vulnerability allows a remote attacker to obtain potentially sensitive information. The weakness exists due to an unspecified flaw in the Kernel component. A remote attacker can read arbitrary files.
9) Privilege escalation (CVE-ID: CVE-2019-2412)
The vulnerability allows a local attacker to gain elevated privileges. The weakness exists due to an unspecified flaw in the Object Store component. A local attacker can gain elevated privileges to conduct further attacks.
10) Denial of service (CVE-ID: CVE-2019-2437)
The vulnerability allows a remote attacker to cause a DoS condition. The weakness exists due to an unspecified flaw in the Kernel component. A remote attacker can cause the service to crash.
11) Privilege escalation (CVE-ID: CVE-2019-2541)
The vulnerability allows an adjacent attacker to gain elevated privileges. The weakness exists due to an unspecified flaw in the DHCP Client. An adjacent attacker can gain elevated privileges to conduct further attacks.
Remediation
Install the update from the vendor's website.