RealVNC 4.1.1 and prior exploits on the loose



As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only (as far as I know), RealVNC 4.1.1 on Windows (prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable.) Don’t take the last sentence to give an excuse NOT to check, check if you have updates for your vnc product.


Here are some samples from incidents.org…

Austin from the UK reports that all shared printers in his office stated to print:
Dear Network Administrator.

Please do not be alarmed.

My team is network security specialist.

You are using a vulnerable version of VNC.

Please upgrade your version soon.

We have not accessed your data but we could have.

Have a nice day

The intrusion reportedly happened on a workstation where a visitor left a VNC server running.

He notes that “RealVNC logs all connection IP addresses in the event manager which some people didn’t know”.

An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.

Update….

Related Posts

Blog Traffic Exchange Related Posts
  • Wireless Driver Vulnerabilities There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on......
  • OTHER Sony DRM software has security flaws too. You almost want to bury your head in the sand at this point if you're Sony.... Freedom-to-tinker has some details. The last couple weeks the XCP copy protection that Sony uses has been the center of a Firestorm for rootkit capabilities and massive security problems. Well, it seems the OTHER......
  • Targetting the OS is old hat.... The Register sums up the Black Hat briefings pretty well. The Operating System level has received a lot of scrutiny in recent years for security flaws and as a result there has been a good deal of improvement there and so now, researchers are heading to the low hanging fruit......
Blog Traffic Exchange Related Websites
  • Google Adsense 1. Google Adsense stuff I've heard that Google have been getting tough on Adsense sites recently, investigating sites displaying Adsense and removing ones which don't meet the criteria. You see, what's happening is that people are getting approved for one site, then adding the code to other sites they own.......
  • 5 Free Security Softwares - Must Use Here are 5 Free Security Softwares that you can use to combat your fear against Adwares, Viruses, Trojans, etc. 1.Avast Home Edition: Best Free Antivirus Avast is one of the best antiviruses I recommend to my friends. It is free and has many features which many of the Antiviruses lack.......
  • Ethical Vulnerability Disclosure The debate on whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period or kept covert until a fix has been implemented has been a big discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions.......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site