SB2020102833 - Multiple vulnerabilities in Oracle Communications Session Report Manager

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2020-1954)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists in the JMX Integration when the "createMBServerConnectorFactory" property of the default InstrumentationManagerImpl is not disabled. A remote attacker on the same host can perform a man-in-the-middle attack and gain access to all of the information that is sent and received over JMX. 

2) Use of insufficiently random values (CVE-ID: CVE-2020-5408)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the affected software uses a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A remote authenticated attacker can derive the unencrypted values using a dictionary attack.

3) Deserialization of Untrusted Data (CVE-ID: CVE-2020-9484)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data in uploaded files names. A remote attacker can pass specially crafted file name to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the server is configured to use PersistenceManager with a FileStore and the attacker knows relative file path from storage location.

4) Resource management error (CVE-ID: CVE-2019-12402)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the file name encoding algorithm can get into an infinite loop when faced with specially crafted inputs. A remote attacker can choose the file names inside of an archive created by Compress and cause a denial of service condition on the target system.

5) Deserialization of Untrusted Data (CVE-ID: CVE-2020-14195)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Operation on a Resource after Expiration or Release (CVE-ID: CVE-2019-17638)

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).

7) Buffer overflow (CVE-ID: CVE-2020-11984)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in od_proxy_uwsgi module. A remote attacker can send a specially crafted request to the web server, trigger memory corruption and gain access to sensitive information or execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://www.oracle.com/security-alerts/cpuoct2020.html?534789