
====================================================================

                             CERT-Renater

                  Information Note No. 2020/VULN371
_____________________________________________________________________

DATE                : 07/07/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Guacamole versions prior to
                     1.2.0.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202007.mbox/%3cCALKeL-PCDy9Y1bd1Nuj196_giWr4fSYyvrk74jfoLxpSysJf=A@mail.gmail.com%3e
http://mail-archives.apache.org/mod_mbox/www-announce/202007.mbox/%3cCALKeL-NrWzYLfautHShBxs3xsnxq5oO5fUhC1VAoDaX8rSBTbg@mail.gmail.com%3e
_____________________________________________________________________

CVE-2020-9497: Improper input validation of RDP static virtual channels

Versions affected:
Apache Guacamole 1.1.0 and earlier

Description:
Apache Guacamole 1.1.0 and older do not properly validate data
received from RDP servers via static virtual channels. If a user
connects to a malicious or compromised RDP server, specially-crafted
PDUs could result in disclosure of information within the memory of
the guacd process handling the connection.

Mitigation:
Users of versions of Apache Guacamole 1.1.0 and older that provide
access to untrusted RDP servers should upgrade to 1.2.0.

Credit:
We would like to thank the GitHub Security Lab and Eyal Itkin (Check
Point Research) for reporting this issue.

_____________________________________________________________________

CVE-2020-9498: Dangling pointer in RDP static virtual channel handling

Versions affected:
Apache Guacamole 1.1.0 and earlier

Description:
Apache Guacamole 1.1.0 and older may mishandle pointers involved in
processing data received via RDP static virtual channels. If a user
connects to a malicious or compromised RDP server, a series of
specially-crafted PDUs could result in memory corruption, possibly
allowing arbitrary code to be executed with the privileges of the
running guacd process.

Mitigation:
Users of versions of Apache Guacamole 1.1.0 and older that provide
access to untrusted RDP servers should upgrade to 1.2.0.

Credit:
We would like to thank Eyal Itkin (Check Point Research) for reporting
this issue.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



