Public Exploit Code for a Vulnerability in RealVNC Server


Micron
21-05-2006, 11:19 PM
We recommend RealVNC but have learned of a security issue. You will be ok if you have the latest updates...

RealVNC Server does not validate client authentication method

Overview
The RealVNC Server fails to properly authenticate clients. This may allow a remote attacker to bypass authentication and gain access to the VNC server.

I. Description

The Virtual Network Computing (VNC) Protocol

According to RealVNC, "The VNC protocol is a simple protocol for remote access to graphical user interfaces."

RealVNC is an implementation of the VNC protocol.


The Problem

The RealVNC Server fails to properly authenticate clients. When a RealVNC client connects to a RealVNC server, the server provides a list of supported authentication methods. By design, the client then selects a method from the list. Due to an implementation flaw, if the client specifies that no (null) authentication should be used, the server accepts this method and authenticates the client, whether or not null authentication was offered by the server.

Note that exploit code for this vulnerability is publicly available.

II. Impact

A remote, unauthenticated attacker could gain access to a system running RealVNC server. If the RealVNC server runs with administrative privileges, the attacker could gain complete control of the system.

III. Solution

Upgrade

This issue is corrected in RealVNC version 4.1.2, RealVNC Personal Edition 4.2.3, and RealVNC Enterprise Edition 4.2.3. Refer to the RealVNC Downloads site to get a patched version.

Systems Affected

Vendor          Status            Date Updated
RealVNC         Vulnerable        16-May-2006
Red Hat, Inc.   Not Vulnerable    17-May-2006

References

http://secunia.com/advisories/20107/
http://www.realvnc.com/howitworks.html
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/personal/4.2/release-notes.html
http://www.realvnc.com/products/enterprise/4.2/release-notes.html
http://marc.theaimsgroup.com/?l=bugtraq&m=114771408013890&w=2
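The negotiation flaw described under "The Problem" above comes down to one missing check: the server must verify that the security type the client picks is one it actually offered. The following is an added example, not code from the original post or from RealVNC, that models the RFB 3.8 security-type exchange in Python, shows the unchecked selection beside the corrected one, and includes a defender-side check for a captured handshake; the function names and the constructed sample messages are the example's own assumptions.

```python
import struct

# RFB 3.8 security types relevant to this advisory
SECURITY_NONE = 1          # no authentication at all
SECURITY_VNC_AUTH = 2      # DES challenge/response "VNC Authentication"
SECURITY_NAMES = {SECURITY_NONE: "None", SECURITY_VNC_AUTH: "VNC Authentication"}


def build_security_types_msg(offered):
    """Server -> client message after the version handshake: a count byte
    followed by one byte per supported security type."""
    return struct.pack("B", len(offered)) + bytes(offered)


def parse_security_types_msg(msg):
    """Parse the server's on-the-wire list back into a list of type numbers."""
    if not msg or len(msg) != 1 + msg[0]:
        raise ValueError("malformed security-types message")
    return list(msg[1:])


def choose_vulnerable(offered, client_choice):
    """Mirrors the flaw in the advisory: the server honours whatever type the
    client names and never compares it with the list it offered."""
    return SECURITY_NAMES.get(client_choice)


def choose_fixed(offered, client_choice):
    """Corrected behaviour: a type the server did not offer is rejected."""
    if client_choice not in offered:
        raise ValueError(f"client selected type {client_choice}, server offered {offered}")
    return SECURITY_NAMES[client_choice]


def negotiate(server_msg, client_msg, chooser):
    """Run one negotiation: server_msg is the offered list as sent on the wire,
    client_msg the client's single selection byte; chooser is one of the above."""
    offered = parse_security_types_msg(server_msg)
    if len(client_msg) != 1:
        raise ValueError("client selection must be exactly one byte")
    (choice,) = struct.unpack("B", client_msg)
    return chooser(offered, choice)


def handshake_is_suspicious(server_msg, client_msg):
    """Defender-side check over a captured handshake: True when the client
    picked a type the server never offered, the pattern behind this bug."""
    offered = parse_security_types_msg(server_msg)
    return len(client_msg) != 1 or client_msg[0] not in offered
```

With a constructed server message that offers only VNC Authentication (`b"\x01\x02"`) and a client selection of type 1, `choose_vulnerable` reports "None" while `choose_fixed` raises, and `handshake_is_suspicious` flags the exchange.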