Parallel Code Security: The Challenge of Concurrency
This article discusses the second critical vulnerability in Apache Guacamole's remote desktop gateway. The first article explained a parser differential vulnerability (CVE-2023-30575). In this article, we dive into concurrency issues and glibc heap exploitation to gain remote code execution. Parallelism is a source of severe security vulnerabilities, with challenges arising whenever multiple threads need simultaneous access to the same resource. Guacamole's architecture employs many threads for handling user connections, initiating internal host connections, and communicating with parent processes. The audio input feature was found to have a Use-After-Free vulnerability (CVE-2023-30576) that is triggered when the RDP connection is established and the user disconnects before the RDP host closes the audio input channel. Exploiting this vulnerability involves leveraging glibc's heap internals to craft valid data structures without reallocation, or using connection sharing, to gain code execution on the Guacamole Server. The article concludes by emphasizing the importance of addressing parallelism-related security issues and acknowledges the quick response from the Guacamole maintainers in providing a comprehensive patch.
Company: Sonar
Date published: May 14, 2024
Author(s): Stefan Schiller
Word count: 2946
Language: English
Hacker News points: None found.