7.5
CVSSv2

CVE-2012-4415

Published: 01/10/2012 Updated: 21/11/2024

Vulnerability Summary

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole prior to 0.6.3 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a long protocol name.

Vulnerable Product Search on Vulmon Subscribe to Product

fedoraproject fedora 16

fedoraproject fedora 17

guac-dev guacamole

guac-dev guacamole 0.5.0

guac-dev guacamole 0.6.0

Exploits

source: wwwsecurityfocuscom/bid/55497/info libguac is prone to a remote buffer-overflow vulnerability Attackers can exploit this issue to execute arbitrary code within the context of the affected application Failed exploit attempts will result in denial-of-service conditions #!/usr/bin/python # CVE-2012-4415: PoC for guacd buffer ov ...
Guacamole 060 contains a trivial buffer overflow vulnerability that allows connected users to execute code with the privileges of the guacd daemon In the Debian distribution the guacd 060-1 daemon runs as root and allows connections from unauthenticated users However, it fortunately only listens on localhost by default Proof of concept code ...