Shulou(Shulou.com)06/01 Report--

This article will explain in detail the example analysis of remote code execution vulnerabilities in the Apache Guacamole gateway. The content of the article is of high quality, so the editor will share it with you for reference. I hope you will have some understanding of the relevant knowledge after reading this article.

Brief introduction of 0x00 vulnerability

On July 3, 2020, 360CERT Monitoring found that Apache Guacamole officially issued a risk notice for remote code execution of the Guacamole gateway. The vulnerability number is CVE-2020-9497/CVE-2020-9498, and the vulnerability level is medium danger.

There is a memory leak / memory corruption vulnerability in Apache Guacamole. By exploiting any remote server in Guacamole management and inducing Guacamole connections, an attacker can cause full control of all remote desktop sessions between the Guacamole principal and its connections (including, but not limited to: uploading and downloading arbitrary remote host files; executing arbitrary programs / commands on any remote host, etc.)

In this regard, 360CERT recommends that the majority of users upgrade Apache Guacamole to 1.2.0 in time. At the same time, please do a good job of asset self-examination and prevention to avoid hacker attacks.

0x01 risk rating

360CERT's assessment of the vulnerability is as follows

Assessment method level threat level Mid-risk impact Surface Limited 0x02 vulnerability details

Apache Guacamole Gateway is a clientless remote desktop gateway based on HTML5 pages. It supports standard protocols for remote connections, such as VNC,RDP and SSH. It is convenient for users to access internal hosts directly from the cloud.

An attacker can only trigger the following vulnerability if any internal server managed by Guacamole has been compromised, and the attacker cannot cause harm to Guacamole externally.

CVE-2020-9497

Guacamole has a memory leak vulnerability when processing static virtual channel data. When Guacamole connects to the RDP client, if the RDP client (attacker-controlled) sends a special PDU (protocol data unit), the in-memory data of the Guacamole is transferred to the connected RDP client (attacker-controlled).

CVE-2020-9498

Guacamole has a memory corruption vulnerability when processing static virtual channel data pointers. When Guacamole connects to the RDP client, if the RDP client (controlled by the attacker) sends a specially crafted PDU (protocol data unit), the attacker can execute arbitrary code in the guacd process of Guacamole. In turn, take over all remote desktop sessions managed by Guacamole.

0x03 affects version

Apache Guacamole: < 1.2.0

0x04 repair recommendations General patching recommendations:

Upgrade to Apache Guacamole version 1.2.0 and download it from:

Http://guacamole.apache.org/releases/

0x05 product side solution 360city-level network security monitoring service

The QUAKE asset mapping platform of the security brain monitors such vulnerabilities by means of asset mapping technology, and asks users to contact the relevant product area leaders to obtain the corresponding products.

This is the case analysis of the remote code execution vulnerability of the Apache Guacamole gateway. I hope the above content can be helpful to everyone and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.