Security-alerts @yandex-team.ru
> TITLE:
> RealVNC Password Authentication Bypass Vulnerability
>
> SECUNIA ADVISORY ID:
> SA20107
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/20107/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass
>
> WHERE:
> From remote
>
> SOFTWARE:
> RealVNC 4.x
> http://secunia.com/product/3719/
>
> DESCRIPTION:
> Steve Wiseman has reported a vulnerability in RealVNC, which can be
> exploited by malicious people to bypass certain security
> restrictions.
>
> The vulnerability is caused due to an error within the handling of
> VNC password authentication requests. This can be exploited to bypass
> authentication and allows access to the remote system without
> requiring knowledge of the VNC password.
>
> The vulnerability has been reported in version 4.1.1. Other versions
> may also be affected.
>
> Note: Version 4.0 is reportedly not affected.
>
> SOLUTION:
> Update to Free Edition version 4.1.2 or Personal Edition/Enterprise
> Edition version 4.2.3.
> http://www.realvnc.com/download.html
>
> PROVIDED AND/OR DISCOVERED BY:
> Steve Wiseman
>
> ORIGINAL ADVISORY:
> RealVNC:
> http://www.realvnc.com/products/free/4.1/release-notes.html
> http://www.realvnc.com/products/personal/4.2/release-notes.html
> http://www.realvnc.com/products/enterprise/4.2/release-notes.html
>
> IntelliAdmin:
> http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
> http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html
Copyright © Lexa Software, 1996-2009.