I hadn't seen this posted before. I know a lot of admins use VNC for remote administration of both Unix and Windows systems. This is a pretty serious flaw.
The link for the proof of concept is here.
I haven't tested this against Unix systems running VNC yet, as I have none readily available here. If you use it on Unix/Linux/OSX, you might want to test against it. I'd appreciate any results against same to be posted here, as I am sure others would as well.
This was posted on Slashdot as well.
1 posted on 05/11/2006 9:26:43 PM PDT by zeugma
To: N3WBI3; ShadowAce
Tech ping please for those interested.
2 posted on 05/11/2006 9:27:20 PM PDT by zeugma (Come to the Dark Side... We have cookies!)
To: zeugma
So they want you to click on a link that will let them connect back to your machine and try to connect to your VNC server? To see if you have the bug?
Hmmmmmm...
3 posted on 05/11/2006 9:42:10 PM PDT by mhx
To: zeugma
no, everybody knows osx is immune from worldly flaws, didn't you get the memo? /s
4 posted on 05/11/2006 10:10:09 PM PDT by kinoxi
To: zeugma
thank you. thank you, thank you, thank you.
5 posted on 05/11/2006 11:04:07 PM PDT by johnboy
To: nnn0jeh
6 posted on 05/11/2006 11:24:20 PM PDT by kalee
To: zeugma
Irk. I use this utility on all of my PCs. Fortunately, I don't open that port to the outside world-- just internal to the network.
8 posted on 05/12/2006 5:20:54 AM PDT by Egon (We are number one! All others are number two... or lower.)
To: zeugma
The Slapdash article was typical crap, though - what wasn't mentioned was that only RealVNC (and only this specific version of RealVNC) is affected. TightVNC and Ultr@VNC and other versions of RealVNC are not affected at all. Stupid fearmongering by the editors over there, but that's not exactly new ;)
To: zeugma
BTW, I have unused moderator points over there that expire this afternoon, so anyone that wants a bump, let me know :)
To: zeugma
VNC is only safe over SSH
Having a port/machine open for VNC, even w/VNC authentication, is silly.
12 posted on 05/12/2006 7:19:23 AM PDT by kpp_kpp