Real VNC 4.1.1 vulnerability – Remote Access without password



This is one worth checking out anybody using vnc for remote administration. It looks as though intelliadmin has come across a vulnerability in Real VNC 4 (the slashdot post I saw suggested “any machine running VNC 4.1″) I haven’t tested yet, so I don’t know if this ONLY affects REALVNC’s implementation or is broader. They have a proof of concept page which attempts to connect to the ip of the browser at the vnc port and display a screenshot. The site is getting slashdotted at the moment, so revisit this page and link until you get a chance to test out your VNC serving machines.


I’m particularly interested to test if it’s a VNC protocol, or an implementation issue. OK – a few minutes to read more detail. The vulnerability appears in Real VNC 4.1.1, it DOES NOT exist, according to the linked post, in either an older RealVNC 4.0, or UltraVNC or TightVNC.

It appears as though it is ONLY RealVNC 4.1.1 and Windows only was tested. The bug seems to be in the authentication process. Still, if you’re curious, check out the proof of concept link above. You need to connect FROM the machine running vnc server (server should be running…. that should be obvious I suppose…) AND also should be obvious, the vnc port should be accessible from the Internet. If they’re correct (and you’re running RealVNC 4.1.1), it should capture a screenshot and display for you.

RealVNC is the open source heir to the AT&T labs VNC project, they also develop commercial implementations of the VNC protocol. There are many offshoots of realvnc… ultravnc and tightvnc being the two most common. They are all generally compatible (core features compatible) using the vnc protocol.

–UPDATE 5/12/06–

Proof of concept that was down due to slashdotting is down permanently. Apparently they have confirmed the flaw (which was their objective…) They’re working with realvnc.com to solve the issue permanently. Keep an eye out for RealVNC 4.1.2……

–update 5/16/06–

There’s a bit more coverage of this now that news has spread of the vulnerability…. Security Focus details of the Real VNC 4.1.1 vulnerability and Sans has information on the VNC vulnerability now that exploits are available in the wild, snort detection signatures are too.

Most importantly…. RealVNC has security updates for their affected products. There doesn’t seem to be confirmation of other affected VNC versions.

Related Posts

Blog Traffic Exchange Related Posts
  • Wireless Driver Vulnerabilities There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on......
  • Microsoft's quick response to network worms.... This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have......
  • Sun java update process vulnerable The Java Runtime Environment from Sun has a vulnerability that's due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a......
Blog Traffic Exchange Related Websites
  • Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
  • Internal IT Security Threat Internal users continue to be the torn in system and security administrator's side. This is the case for many reasons. One, they have knowledge of the networking recourses. Two, they have credentials to access various systems on the network and third, most security controls defend against external entities as compared......
  • Adobe confirms PDF zero-day, plans rush patch By Gregg Keizer | Computerworld | InfoWorld Adobe today said it would issue an emergency patch the week of Aug. 16 to fix a critical flaw in its Reader and Acrobat software. The bug was disclosed by researcher Charlie Miller at last month's Black Hat security conference when he demonstrated how......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “Real VNC 4.1.1 vulnerability – Remote Access without password”

  1. RealVNC 4.1.2 update to patch security vulnerability-- Avery J. Parker - Web site hosting and computer service Says:


    [...] A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction of that. [...]


Switch to our mobile site