Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
2 changed files
with
29 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
--- | ||
title: Improper input validation of RDP static virtual channels | ||
cve: CVE-2020-9497 | ||
fixed: 1.2.0 | ||
--- | ||
|
||
Apache Guacamole 1.1.0 and older do not properly validate data received from | ||
RDP servers via static virtual channels. If a user connects to a malicious or | ||
compromised RDP server, specially-crafted PDUs could result in disclosure of | ||
information within the memory of the guacd process handling the connection. | ||
|
||
Acknowledgements: We would like to thank the GitHub Security Lab and Eyal Itkin | ||
(Check Point Research) for reporting this issue. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
title: Dangling pointer in RDP static virtual channel handling | ||
cve: CVE-2020-9498 | ||
fixed: 1.2.0 | ||
--- | ||
|
||
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing | ||
data received via RDP static virtual channels. If a user connects to a | ||
malicious or compromised RDP server, a series of specially-crafted PDUs could | ||
result in memory corruption, possibly allowing arbitrary code to be executed | ||
with the privileges of the running guacd process. | ||
|
||
Acknowledgements: We would like to thank Eyal Itkin (Check Point Research) for | ||
reporting this issue. | ||
|