Sign-up

ID

VAR-201210-0342


CVE

CVE-2012-4415


TITLE

Guacamole of libguac Vulnerable to stack-based buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-004659

DESCRIPTION

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. libguac is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions

Trust: 1.89

sources: NVD: CVE-2012-4415 // JVNDB: JVNDB-2012-004659 // BID: 55497

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:17

Trust: 1.6

vendor:fedoraprojectmodel:fedorascope:eqversion:16

Trust: 1.6

vendor:guac devmodel:guacamolescope:eqversion:0.5.0

Trust: 1.0

vendor:guac devmodel:guacamolescope:eqversion:0.6.0

Trust: 1.0

vendor:guac devmodel:guacamolescope:lteversion:0.6.2

Trust: 1.0

vendor:apachemodel:guacamolescope:ltversion:0.6.3

Trust: 0.8

sources: JVNDB: JVNDB-2012-004659 // CNNVD: CNNVD-201209-507 // NVD: CVE-2012-4415

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4415
value: HIGH

Trust: 1.0

NVD: CVE-2012-4415
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201209-507
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2012-4415
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-004659 // CNNVD: CNNVD-201209-507 // NVD: CVE-2012-4415

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-004659 // NVD: CVE-2012-4415

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-507

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201209-507

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004659

PATCH
title:Changeset 7dcefa7 in libguacurl:https://glyptodon.org/jira/projects/GUAC/issues/GUAC-1510?filter=allopenissues
Trust: 0.8
title:Top Pageurl:http://guacamole.apache.org/
Trust: 0.8
title:FEDORA-2012-14097url:http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088272.html
Trust: 0.8
title:FEDORA-2012-14179url:http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088218.html
Trust: 0.8
title:FEDORA-2012-13914url:http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088031.html
Trust: 0.8
title:Bug 856743url:https://bugzilla.redhat.com/show_bug.cgi?id=856743
Trust: 0.8
title:Fedora-17-x86_64-Live-Desktopurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44974
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2012-004659 // 
            
            
            
            CNNVD: CNNVD-201209-507

EXTERNAL IDS
db:NVDid:CVE-2012-4415
Trust: 2.7
db:BIDid:55497
Trust: 1.9
db:OPENWALLid:OSS-SECURITY/2012/09/11/7
Trust: 1.6
db:OPENWALLid:OSS-SECURITY/2012/09/11/3
Trust: 1.6
db:JVNDBid:JVNDB-2012-004659
Trust: 0.8
db:FEDORAid:FEDORA-2012-14179
Trust: 0.6
db:FEDORAid:FEDORA-2012-13914
Trust: 0.6
db:FEDORAid:FEDORA-2012-14097
Trust: 0.6
db:MLISTid:[OSS-SECURITY] 20120911 CVE ID REQUEST: GUACD
Trust: 0.6
db:MLISTid:[OSS-SECURITY] 20120911 RE: CVE ID REQUEST: GUACD
Trust: 0.6
db:BUGTRAQid:20120924 CVE-2012-4415: GUACAMOLE LOCAL ROOT VULNERABILITY
Trust: 0.6
db:CNNVDid:CNNVD-201209-507
Trust: 0.6
sources:
            
            
            BID: 55497 // 
            
            
            
            JVNDB: JVNDB-2012-004659 // 
            
            
            
            CNNVD: CNNVD-201209-507 // 
            
            
            
            NVD: CVE-2012-4415

REFERENCES
url:http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
Trust: 1.9
url:https://bugzilla.redhat.com/show_bug.cgi?id=856743
Trust: 1.6
url:http://www.securityfocus.com/bid/55497
Trust: 1.6
url:http://www.openwall.com/lists/oss-security/2012/09/11/7
Trust: 1.6
url:http://www.openwall.com/lists/oss-security/2012/09/11/3
Trust: 1.6
url:http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088272.html
Trust: 1.6
url:http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088218.html
Trust: 1.6
url:http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088031.html
Trust: 1.6
url:http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4415
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4415
Trust: 0.8
url:http://guac-dev.org/libguac
Trust: 0.3
url:/archive/1/524224
Trust: 0.3
sources:
            
            
            BID: 55497 // 
            
            
            
            JVNDB: JVNDB-2012-004659 // 
            
            
            
            CNNVD: CNNVD-201209-507 // 
            
            
            
            NVD: CVE-2012-4415

CREDITS
Michael Jumper
Trust: 0.9
sources:
            
            
            BID: 55497 // 
            
            
            
            CNNVD: CNNVD-201209-507

SOURCES
db:BIDid:55497
db:JVNDBid:JVNDB-2012-004659
db:CNNVDid:CNNVD-201209-507
db:NVDid:CVE-2012-4415

LAST UPDATE DATE
2024-11-23T23:02:53.375000+00:00

SOURCES UPDATE DATE
db:BIDid:55497date:2015-04-13T20:58:00
db:JVNDBid:JVNDB-2012-004659date:2012-10-02T00:00:00
db:CNNVDid:CNNVD-201209-507date:2012-10-09T00:00:00
db:NVDid:CVE-2012-4415date:2024-11-21T01:42:50.190

SOURCES RELEASE DATE
db:BIDid:55497date:2012-09-11T00:00:00
db:JVNDBid:JVNDB-2012-004659date:2012-10-02T00:00:00
db:CNNVDid:CNNVD-201209-507date:2012-09-26T00:00:00
db:NVDid:CVE-2012-4415date:2012-10-01T03:26:16.210