On Fri, Jul 3, 2020, 13:55 Daniel Moscovitch wrote:
> Hi Mike,
> Would the recent CVEs be able to affect a guacserver that did not have
> the guacsnd.so and guaccdr.so linked in? (i.e. no sound and redirection
> functional)?
No, you would need sound, drive, printing, or audio input enabled.
...@guacamole.apache.org;
d...@guacamole.apache.org; user@guacamole.apache.org
Cc: secur...@guacamole.apache.org; oss-secur...@lists.openwall.com
Subject: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation
of RDP static virtual channels
CVE-2020-9497: Improper input validation of RDP static virtual channels
Versions affected:
Apache Guacamole 1.1.0 and earlier
Description:
Apache Guacamole 1.1.0 and older do not properly validate data
received from RDP servers via static virtual channels. If a user
connects to a malicious or