-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2289
  CVE-2020-9498: Dangling pointer in RDP static virtual channel handling
                                3 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apache Guacamole
Publisher:         Apache
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9498  

Original Bulletin: 
   https://www.mail-archive.com/announce@apache.org/msg05964.html

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2020-9498: Dangling pointer in RDP static virtual channel handling

Versions affected:
Apache Guacamole 1.1.0 and earlier

Description:
Apache Guacamole 1.1.0 and older may mishandle pointers involved in
processing data received via RDP static virtual channels. If a user
connects to a malicious or compromised RDP server, a series of
specially-crafted PDUs could result in memory corruption, possibly
allowing arbitrary code to be executed with the privileges of the
running guacd process.

Mitigation:
Users of versions of Apache Guacamole 1.1.0 and older that provide
access to untrusted RDP servers should upgrade to 1.2.0.

Credit:
We would like to thank Eyal Itkin (Check Point Research) for reporting
this issue.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXv6kJuNLKJtyKPYoAQh7pBAAsP3IrlwCeJvGf8LL8r0yeZgEuqxnbe9F
I4HyS84m0x7qcXb0ZepFhpPWfAiMQZN6WRjYfatdcALNWsTi9rzb735h2ofylSep
bO67zBakgN+wNOIG/9MVeBLfF4FN6oP0zeHGjMVY7IifMNpxxJS6wfODXqFCnAxt
6fPCId28lam2/nzBfwfsh7S+Dvu9E8fnAU1DOcKVGdCq0539ZDvtn2AmYLaGluBQ
7JjCO7FuSzM4Pg2EnmyFsooYPzxt7ADrSFh5/uSdsg3jturY3SiTzVPJ0xwuKFo5
CNfO1FUGuEfdA5jgAd+5Eozeq0yhE45b5SWn2R09uHhqZppXIcfjg/UbBWvlJZDY
Bk/SNfEHRK/JPFp+A0OFPKxSJypvrynzG9Anmsf86CgTSiPLO3vjBfQH7iZZxNad
+05hXL8Bd83n1ByRZBvJVH+HURNVWEcegUl0RpO+pqHVfxTHTGrs6mQ43BzeNvMV
GrXkwPnggyuh9a5yyRgMKMbwUFZAw/vKL6XQFqKhc0hCPXUr2+lSQSdNrICUsQPy
OQ0/WbRYeJLnVSxg6xbpv0MBRnbhiNVd2yfV/SkTqDMkydChmiv4Z7lV3IH7yQuY
UV1GF3p5jKxrOXBkD5r2LGRIGLqcT/EL/Wj8sM7UhR7xyZVvo6giLHfOdVTPtu6F
mmOgh90lx1I=
=5t85
-----END PGP SIGNATURE-----