Real VNC 4.1.1 vulnerability – Remote Access without password



This is one worth checking out anybody using vnc for remote administration. It looks as though intelliadmin has come across a vulnerability in Real VNC 4 (the slashdot post I saw suggested “any machine running VNC 4.1″) I haven’t tested yet, so I don’t know if this ONLY affects REALVNC’s implementation or is broader. They have a proof of concept page which attempts to connect to the ip of the browser at the vnc port and display a screenshot. The site is getting slashdotted at the moment, so revisit this page and link until you get a chance to test out your VNC serving machines.


I’m particularly interested to test if it’s a VNC protocol, or an implementation issue. OK – a few minutes to read more detail. The vulnerability appears in Real VNC 4.1.1, it DOES NOT exist, according to the linked post, in either an older RealVNC 4.0, or UltraVNC or TightVNC.

It appears as though it is ONLY RealVNC 4.1.1 and Windows only was tested. The bug seems to be in the authentication process. Still, if you’re curious, check out the proof of concept link above. You need to connect FROM the machine running vnc server (server should be running…. that should be obvious I suppose…) AND also should be obvious, the vnc port should be accessible from the Internet. If they’re correct (and you’re running RealVNC 4.1.1), it should capture a screenshot and display for you.

RealVNC is the open source heir to the AT&T labs VNC project, they also develop commercial implementations of the VNC protocol. There are many offshoots of realvnc… ultravnc and tightvnc being the two most common. They are all generally compatible (core features compatible) using the vnc protocol.

–UPDATE 5/12/06–

Proof of concept that was down due to slashdotting is down permanently. Apparently they have confirmed the flaw (which was their objective…) They’re working with realvnc.com to solve the issue permanently. Keep an eye out for RealVNC 4.1.2……

–update 5/16/06–

There’s a bit more coverage of this now that news has spread of the vulnerability…. Security Focus details of the Real VNC 4.1.1 vulnerability and Sans has information on the VNC vulnerability now that exploits are available in the wild, snort detection signatures are too.

Most importantly…. RealVNC has security updates for their affected products. There doesn’t seem to be confirmation of other affected VNC versions.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft security roundup OK - there have been a number of Excel problems floating around in the last week - week and a half. Securiteam blog has a FAQ on the Excel 0-day vulnerabilities with Excel and Excel Viewer Incidents.org kindly gives us a scoresheet documenting the three different vulnerabilities that have been......
  • Sun java update process vulnerable The Java Runtime Environment from Sun has a vulnerability that's due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
Blog Traffic Exchange Related Websites
  • Google Sandbox Tips [ad#adstext1] Here aret many questions on the Google sandbox that we've put together, feel free to add in or comments: Q – How do I know if I am in the sandbox? A – If your site is indexed by Google yet you do not rank in the top 1,000......
  • Ways to Display Your Coin Collection Your coin collection is an incredible body of work, a collection of different types of miniature art that are as fun to look at as they are to collect. Coin collecting is not the only important and enjoyable part of the overall collecting process, as displaying your collection can be......
  • Adobe confirms PDF zero-day, plans rush patch By Gregg Keizer | Computerworld | InfoWorld Adobe today said it would issue an emergency patch the week of Aug. 16 to fix a critical flaw in its Reader and Acrobat software. The bug was disclosed by researcher Charlie Miller at last month's Black Hat security conference when he demonstrated how......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “Real VNC 4.1.1 vulnerability – Remote Access without password”

  1. RealVNC 4.1.2 update to patch security vulnerability-- Avery J. Parker - Web site hosting and computer service Says:


    [...] A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction of that. [...]


Switch to our mobile site