Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
From: Joachim Schipper <j.schipper@xxxxxxxxxx>
Date: Mon, 15 May 2006 18:36:56 +0200
In-reply-to: <6D8BEE91433474478D294A8867FFDC6EE3F7BA@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <4e17cb570605150156m3baf70d9gc3be9d51a8144fff@xxxxxxxxxxxxxx> <6D8BEE91433474478D294A8867FFDC6EE3F7BA@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.11

On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote:
> So what can be done about this exploit?  Does 4.1.2 protect against this
> vulnerability?  And what other mitigation procedures are available for
> this?

The best solution is not to run a VNC service using no more than it's
own authentication. Most offer only password auth, which is quite simply
insufficient. Use some auth scheme based on certificates or somesuch -
ssh, IPSec and OpenVPN all offer this capability.

                Joachim

References:
- RealVNC 4.1.1 Remote Compromise
  - From: James Evans

Prev by Date: XSS in orkut.com
Next by Date: FrontRange iHeat Vulnerability
Previous by thread: RealVNC 4.1.1 Remote Compromise
Next by thread: re: RealVNC 4.1.1 Remote Compromise
Index(es):
- Date
- Thread