This is a problem for version 4.1.1 only, so if you have earlier versions you
must not worry about it.
http://isc.sans.org/diary.php?storyid=1331
Jose Ramirez
Quoting Ray Van Dolson <[EMAIL PROTECTED]>:
On Mon, Jun 05, 2006 at 05:33:29PM -0600, Kurt Seifried wrote:
>How is it that even thou
On 6/6/06, Kurt Seifried <[EMAIL PROTECTED]> wrote:
> How is it that even though this vulnerability has been known now for
> some time, Red Hat still has not issued a new package or security update
> that addresses this? On RHN, the most recent package I can find is
> 4.0.0 beta and the most rec
On Mon, Jun 05, 2006 at 05:33:29PM -0600, Kurt Seifried wrote:
> >How is it that even though this vulnerability has been known now for
> >some time, Red Hat still has not issued a new package or security update
> >that addresses this? On RHN, the most recent package I can find is
> >4.0.0 beta and
How is it that even though this vulnerability has been known now for
some time, Red Hat still has not issued a new package or security update
that addresses this? On RHN, the most recent package I can find is
4.0.0 beta and the most recent security patch for VNC dates back to
December 2004. Sinc
How is it that even though this vulnerability has been known now for
some time, Red Hat still has not issued a new package or security update
that addresses this? On RHN, the most recent package I can find is
4.0.0 beta and the most recent security patch for VNC dates back to
December 2004. Since
I hacked your code into something multi-threaded--enjoy.
- Matt
#!/usr/bin/perl
# Multi-threaded scan for OpenVNC 4.11 authentication bypass.
# Based on Tyler Krpata's Perl scanning code.
use strict;
use warnings;
use IO::Socket;
use threads;
use threads::shared;
use Errno qw(EAGAIN);
# Config
Here's a real quick vulnerability check in Perl...I think someone else
put out another scanner, but there was no source provided and it wasn't
working right for me.
#!/usr/bin/perl
# scan for OpenVNC 4.1
On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote:
> So what can be done about this exploit? Does 4.1.2 protect against this
> vulnerability? And what other mitigation procedures are available for
> this?
The best solution is not to run a VNC service using no more than it's
own authen
Wow, 1 line of code addition to exploit:
secType=1;
Since I'm sure many have already discovered this (since it is so
trivial), I leave it up to the devious reader to find out where to
insert this.
BTW: RealVNC 4.1.2 is not affected by this bug.
** Disclaimer: If you find out how to exp
To share information about the new Release Notes document:
this issue has been fixed in version 4.1.2 (Free Edition)
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/download.html
- Juha-Matti
Rumors of this bug began spreading on Slashdot and other sites, thanks
to Steve Wiseman of intelliadmin.com who serendipitously discovered it
while writing a VNC client. At first it was only a rumor, as Steve's
site gave scant details and he himself was surprised such a huge hole
could possibly ex
11 matches
Mail list logo