Lucene search

K
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2435.NASL
HistoryNov 09, 2020 - 12:00 a.m.

Debian DLA-2435-1 : guacamole-server security update

2020-11-0900:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20

The server component of Apache Guacamole, a remote desktop gateway, did not properly validate data received from RDP servers. This could result in information disclosure or even the execution of arbitrary code.

CVE-2020-9497

Apache Guacamole does not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.

CVE-2020-9498

Apache Guacamole may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.

For Debian 9 stretch, these problems have been fixed in version 0.9.9-2+deb9u1.

We recommend that you upgrade your guacamole-server packages.

For the detailed security status of guacamole-server please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/guacamole-server

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2435-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(142632);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/20");

  script_cve_id("CVE-2020-9497", "CVE-2020-9498");

  script_name(english:"Debian DLA-2435-1 : guacamole-server security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The server component of Apache Guacamole, a remote desktop gateway,
did not properly validate data received from RDP servers. This could
result in information disclosure or even the execution of arbitrary
code.

CVE-2020-9497

Apache Guacamole does not properly validate data received from RDP
servers via static virtual channels. If a user connects to a malicious
or compromised RDP server, specially crafted PDUs could result in
disclosure of information within the memory of the guacd process
handling the connection.

CVE-2020-9498

Apache Guacamole may mishandle pointers involved in processing data
received via RDP static virtual channels. If a user connects to a
malicious or compromised RDP server, a series of specially crafted
PDUs could result in memory corruption, possibly allowing arbitrary
code to be executed with the privileges of the running guacd process.

For Debian 9 stretch, these problems have been fixed in version
0.9.9-2+deb9u1.

We recommend that you upgrade your guacamole-server packages.

For the detailed security status of guacamole-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/guacamole-server

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/guacamole-server"
  );
  # https://security-tracker.debian.org/tracker/source-package/guacamole-server
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7763c5e7"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9498");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:guacd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libguac-client-rdp0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libguac-client-ssh0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libguac-client-telnet0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libguac-client-vnc0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libguac-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libguac11");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"9.0", prefix:"guacd", reference:"0.9.9-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libguac-client-rdp0", reference:"0.9.9-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libguac-client-ssh0", reference:"0.9.9-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libguac-client-telnet0", reference:"0.9.9-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libguac-client-vnc0", reference:"0.9.9-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libguac-dev", reference:"0.9.9-2+deb9u1")) flag++;
if (deb_check(release:"9.0", prefix:"libguac11", reference:"0.9.9-2+deb9u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related for DEBIAN_DLA-2435.NASL