Real VNC 4.1.1 vulnerability – Remote Access without password



This one is worth checking out for anybody using VNC for remote administration. It looks as though IntelliAdmin has come across a vulnerability in RealVNC 4 (the Slashdot post I saw suggested “any machine running VNC 4.1”). I haven’t tested yet, so I don’t know if this ONLY affects RealVNC’s implementation or is broader. They have a proof of concept page which attempts to connect to the IP of the browser at the VNC port and display a screenshot. The site is getting slashdotted at the moment, so revisit this page and link until you get a chance to test out your VNC serving machines.


I’m particularly interested to test if it’s a VNC protocol or an implementation issue. OK – a few minutes to read more detail. The vulnerability appears in RealVNC 4.1.1; according to the linked post, it DOES NOT exist in an older RealVNC 4.0, or in UltraVNC or TightVNC.

It appears as though it is ONLY RealVNC 4.1.1, and only Windows was tested. The bug seems to be in the authentication process. Still, if you’re curious, check out the proof of concept link above. You need to connect FROM the machine running the VNC server (the server should be running… that should be obvious, I suppose), and, as should also be obvious, the VNC port should be accessible from the Internet. If they’re correct (and you’re running RealVNC 4.1.1), it should capture a screenshot and display it for you.

RealVNC is the open source heir to the AT&T Labs VNC project; they also develop commercial implementations of the VNC protocol. There are many offshoots of RealVNC, with UltraVNC and TightVNC being the two most common. They are all generally compatible (core features compatible) using the VNC protocol.

–UPDATE 5/12/06–

The proof of concept that was down due to slashdotting is down permanently. Apparently they have confirmed the flaw (which was their objective…). They’re working with realvnc.com to solve the issue permanently. Keep an eye out for RealVNC 4.1.2…

–UPDATE 5/16/06–

There’s a bit more coverage of this now that news has spread of the vulnerability. SecurityFocus has details of the RealVNC 4.1.1 vulnerability, and SANS has information on the VNC vulnerability now that exploits are available in the wild; Snort detection signatures are too.

Most importantly, RealVNC has security updates for their affected products. There doesn’t seem to be confirmation of other affected VNC versions.

2 Responses to “Real VNC 4.1.1 vulnerability – Remote Access without password”

  1. RealVNC 4.1.2 update to patch security vulnerability-- Avery J. Parker - Web site hosting and computer service Says:


    [...] A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction of that. [...]

