CVE-2020-9498: 
Apache Guacamole vulnerability analysis and mitigation

Apache Guacamole version 1.1.0 and older contains a vulnerability identified as CVE-2020-9498, discovered in March 2020. The vulnerability involves mishandling of pointers during the processing of data received via RDP static virtual channels. This security flaw affects the guacamole-server component, which is a critical part of the Apache Guacamole remote desktop gateway system (CVE Details).

The vulnerability stems from a dangling pointer issue in the RDP static virtual channel handling. Specifically, when handling channel fragments in the guaccommonsvc.c file, the code fails to properly manage stream objects after they are freed. When a fragmented message finishes reassembly and is parsed, the stream is freed without setting the dangling pointer to NULL, resulting in a Use-After-Free condition. This vulnerability can be exploited through specially-crafted PDUs sent from a malicious RDP server (Checkpoint Research).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with the privileges of the running guacd process. The impact is particularly severe in remote work scenarios, as it could enable an attacker who has compromised a machine inside the organization to take control of the gateway that handles all remote sessions into the network, potentially gaining access to all connected sessions and credentials (Checkpoint Research).

The vulnerability was patched in Apache Guacamole version 1.2.0, released on June 28, 2020. Organizations are strongly advised to upgrade to this version or later to protect against this vulnerability. The fix includes proper pointer handling in the RDP static virtual channel code (Checkpoint Research).