Published: 01/10/2012 Updated: 01/10/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole prior to 0.6.3 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a long protocol name.

Vulnerable Product

fedoraproject fedora 16

fedoraproject fedora 17

guac-dev guacamole

guac-dev guacamole 0.6.0

guac-dev guacamole 0.5.0


source: www.securityfocus.com/bid/55497/info libguac is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. #!/usr/bin/python # CVE-2012-4415: PoC for guacd buffer ov ...

Mailing Lists

Guacamole 0.6.0 contains a trivial buffer overflow vulnerability that allows connected users to execute code with the privileges of the guacd daemon. In the Debian distribution the guacd 0.6.0-1 daemon runs as root and allows connections from unauthenticated users. However, it fortunately only listens on localhost by default. Proof of concept code ...