RealVNC 4.1.1 and prior exploits on the loose



As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only (as far as I know), RealVNC 4.1.1 on Windows (prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable.) Don’t take the last sentence to give an excuse NOT to check, check if you have updates for your vnc product.


Here are some samples from incidents.org…

Austin from the UK reports that all shared printers in his office stated to print:
Dear Network Administrator.

Please do not be alarmed.

My team is network security specialist.

You are using a vulnerable version of VNC.

Please upgrade your version soon.

We have not accessed your data but we could have.

Have a nice day

The intrusion reportedly happened on a workstation where a visitor left a VNC server running.

He notes that “RealVNC logs all connection IP addresses in the event manager which some people didn’t know”.

An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.

Update….

Related Posts

Blog Traffic Exchange Related Posts
  • Mozilla Firefox 1.0x series end of life.... The Mozilla Firefox 1.0.x series will no longer be supported with security updates. IF you use Firefox as your web browser, make sure you're using the current version in the 1.5 series (currently 1.5.0.3). You can find what your current version is by going to Help, "About Mozilla Firefox". The......
  • Zeroday Internet Explorer vulnerability update The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended......
  • Sun java update process vulnerable The Java Runtime Environment from Sun has a vulnerability that's due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a......
Blog Traffic Exchange Related Websites
  • 5 Free Security Softwares - Must Use Here are 5 Free Security Softwares that you can use to combat your fear against Adwares, Viruses, Trojans, etc. 1.Avast Home Edition: Best Free Antivirus Avast is one of the best antiviruses I recommend to my friends. It is free and has many features which many of the Antiviruses lack.......
  • Recommendations On Selecting The Best Network Monitoring Software For Your Business If you plan on buying software for network monitoring, there are some things you should remember about, which will help you choose the best program to fit your needs and your company. This will also allow you run your company smoothly and will increase the productivity. So, here are some......
  • Regularly Checking your Credit Score is Vital In these financial times which are clearly tumultuous and tight, it is absolutely vital that you take the time and make the effort to check on your credit report and credit score on a regular basis. This statement is more true today than ever before, because we live in a......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site