Real VNC 4.1.1 vulnerability – Remote Access without password



This is one worth checking out anybody using vnc for remote administration. It looks as though intelliadmin has come across a vulnerability in Real VNC 4 (the slashdot post I saw suggested “any machine running VNC 4.1″) I haven’t tested yet, so I don’t know if this ONLY affects REALVNC’s implementation or is broader. They have a proof of concept page which attempts to connect to the ip of the browser at the vnc port and display a screenshot. The site is getting slashdotted at the moment, so revisit this page and link until you get a chance to test out your VNC serving machines.


I’m particularly interested to test if it’s a VNC protocol, or an implementation issue. OK – a few minutes to read more detail. The vulnerability appears in Real VNC 4.1.1, it DOES NOT exist, according to the linked post, in either an older RealVNC 4.0, or UltraVNC or TightVNC.

It appears as though it is ONLY RealVNC 4.1.1 and Windows only was tested. The bug seems to be in the authentication process. Still, if you’re curious, check out the proof of concept link above. You need to connect FROM the machine running vnc server (server should be running…. that should be obvious I suppose…) AND also should be obvious, the vnc port should be accessible from the Internet. If they’re correct (and you’re running RealVNC 4.1.1), it should capture a screenshot and display for you.

RealVNC is the open source heir to the AT&T labs VNC project, they also develop commercial implementations of the VNC protocol. There are many offshoots of realvnc… ultravnc and tightvnc being the two most common. They are all generally compatible (core features compatible) using the vnc protocol.

–UPDATE 5/12/06–

Proof of concept that was down due to slashdotting is down permanently. Apparently they have confirmed the flaw (which was their objective…) They’re working with realvnc.com to solve the issue permanently. Keep an eye out for RealVNC 4.1.2……

–update 5/16/06–

There’s a bit more coverage of this now that news has spread of the vulnerability…. Security Focus details of the Real VNC 4.1.1 vulnerability and Sans has information on the VNC vulnerability now that exploits are available in the wild, snort detection signatures are too.

Most importantly…. RealVNC has security updates for their affected products. There doesn’t seem to be confirmation of other affected VNC versions.

Related Posts

Blog Traffic Exchange Related Posts
  • Wireless Driver Vulnerabilities There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on......
  • Microsoft November 2005 patch day That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited.... Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the......
  • Vista's fatal flaw? Backwards compatibility. It's something that many vendors strive for and Microsoft is certainly one that has placed a value on making things backwards compatible for third party software. According to this story at Sci-Tech Today, Symantec thinks this eagerness to be backwards compatible may be a big issue for Vista's......
Blog Traffic Exchange Related Websites
  • Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
  • Ways to Display Your Coin Collection Your coin collection is an incredible body of work, a collection of different types of miniature art that are as fun to look at as they are to collect. Coin collecting is not the only important and enjoyable part of the overall collecting process, as displaying your collection can be......
  • Adobe confirms PDF zero-day, plans rush patch By Gregg Keizer | Computerworld | InfoWorld Adobe today said it would issue an emergency patch the week of Aug. 16 to fix a critical flaw in its Reader and Acrobat software. The bug was disclosed by researcher Charlie Miller at last month's Black Hat security conference when he demonstrated how......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “Real VNC 4.1.1 vulnerability – Remote Access without password”

  1. RealVNC 4.1.2 update to patch security vulnerability-- Avery J. Parker - Web site hosting and computer service Says:


    [...] A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction of that. [...]


Switch to our mobile site