|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for guacamole-server (DLA-2435-1)|
|Summary:||The remote host is missing an update for the 'guacamole-server' package(s) announced via the DLA-2435-1 advisory.|
The server component of Apache Guacamole, a remote desktop gateway,
did not properly validate data received from RDP servers. This could
result in information disclosure or even the execution of arbitrary code.
Apache Guacamole does not properly validate data received from RDP
servers via static virtual channels. If a user connects to a
malicious or compromised RDP server, specially-crafted PDUs could
result in disclosure of information within the memory of the guacd
process handling the connection.
Apache Guacamole may mishandle pointers involved in processing data
received via RDP static virtual channels. If a user connects to a
malicious or compromised RDP server, a series of specially-crafted
PDUs could result in memory corruption, possibly allowing arbitrary
code to be executed with the privileges of the running guacd
'guacamole-server' package(s) on Debian Linux.
For Debian 9 stretch, these problems have been fixed in version
We recommend that you upgrade your guacamole-server packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-9497
Common Vulnerability Exposure (CVE) ID: CVE-2020-9498
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|