-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2288
         Improper input validation of RDP static virtual channels
                                3 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apache Guacamole
Publisher:         Apache
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-9497

Original Bulletin:
   https://www.mail-archive.com/announce@apache.org/msg05965.html

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2020-9497: Improper input validation of RDP static virtual channels

Versions affected:
Apache Guacamole 1.1.0 and earlier

Description:
Apache Guacamole 1.1.0 and older do not properly validate data
received from RDP servers via static virtual channels. If a user
connects to a malicious or compromised RDP server, specially-crafted
PDUs could result in disclosure of information within the memory of
the guacd process handling the connection.

Mitigation:
Users of Apache Guacamole 1.1.0 and older who provide access to
untrusted RDP servers should upgrade to 1.2.0.

Credit:
We would like to thank the GitHub Security Lab and Eyal Itkin (Check
Point Research) for reporting this issue.

- --------------------------END INCLUDED TEXT--------------------
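
The description above names the bug class: data arriving from the RDP server over a static virtual channel is used without being checked against what was actually received, so a crafted PDU can make the client side read beyond its buffer and leak guacd memory. The following is an added example for this bulletin; it is not part of the Apache advisory and is not Guacamole's or FreeRDP's code. It parses a hypothetical channel PDU (the 4-byte little-endian length plus 4-byte flags header layout, the SVC_MAX_PDU cap and the sample byte strings are all assumptions constructed for this illustration) and shows the checks a defender expects before a server-supplied length is allowed to drive memory access.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical static virtual channel PDU: a 4-byte little-endian length
 * (total PDU size including this header) and 4-byte flags, then payload.
 * The layout and the cap below are assumptions made for this example; they
 * are not Guacamole's or FreeRDP's definitions. */
#define SVC_HEADER_LEN 8u
#define SVC_MAX_PDU    1600u

typedef struct {
    uint32_t length;        /* length the server declared */
    uint32_t flags;
    const uint8_t *payload; /* points into the caller's buffer */
    size_t payload_len;     /* bytes actually usable after the header */
} svc_pdu_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one PDU from `received` bytes at `buf`. Returns 0 on success, -1 on
 * any malformed input. The server-supplied length is never trusted on its
 * own: every check is against `received`, the number of bytes we really
 * hold, so a length that overstates the data cannot drive a read past the
 * buffer (the failure mode the advisory describes as memory disclosure). */
int svc_parse_pdu(const uint8_t *buf, size_t received, svc_pdu_t *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    if (received < SVC_HEADER_LEN)      /* header itself is incomplete */
        return -1;

    uint32_t declared = read_le32(buf);
    uint32_t flags    = read_le32(buf + 4);

    if (declared < SVC_HEADER_LEN)      /* cannot be shorter than its header */
        return -1;
    if (declared > SVC_MAX_PDU)         /* protocol-level upper bound */
        return -1;
    if (declared > received)            /* server claims more than it sent */
        return -1;

    out->length      = declared;
    out->flags       = flags;
    out->payload     = buf + SVC_HEADER_LEN;
    out->payload_len = declared - SVC_HEADER_LEN;
    return 0;
}

/* Constructed sample PDUs for this example (not captured traffic). */
static const uint8_t SAMPLE_GOOD[] = {
    12, 0, 0, 0,   0, 0, 0, 0,   'a', 'b', 'c', 'd' };   /* declares 12, sends 12 */
static const uint8_t SAMPLE_OVERLONG[] = {
    64, 0, 0, 0,   0, 0, 0, 0,   'a', 'b', 'c', 'd' };   /* declares 64, sends 12 */
static const uint8_t SAMPLE_TRUNCATED[] = { 12, 0, 0 };  /* header cut short */

/* Helpers return results so they can be checked, not only printed. */
long svc_check_good(void)
{
    svc_pdu_t pdu;
    if (svc_parse_pdu(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &pdu) != 0)
        return -1;
    if (memcmp(pdu.payload, "abcd", pdu.payload_len) != 0)
        return -2;
    return (long)pdu.payload_len;   /* 4 */
}

int svc_check_overlong(void)
{
    svc_pdu_t pdu;
    return svc_parse_pdu(SAMPLE_OVERLONG, sizeof SAMPLE_OVERLONG, &pdu); /* -1 */
}

int svc_check_truncated(void)
{
    svc_pdu_t pdu;
    return svc_parse_pdu(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &pdu); /* -1 */
}

int main(void)
{
    printf("well-formed PDU: payload_len=%ld\n", svc_check_good());
    printf("overlong length rejected: %d\n", svc_check_overlong());
    printf("truncated header rejected: %d\n", svc_check_truncated());
    return 0;
}
```

The overlong sample is the case that matters for this bulletin: the header declares 64 bytes while only 12 arrived, and a parser that sized its copy or its pointer arithmetic from the declared field alone would walk into adjacent process memory. Checking the declared length against the bytes actually received, and against a fixed protocol maximum, closes that path before any payload is touched.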

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----