
Thread: RealVNC Exploit

  1. #11
    Senior Member
    Join Date
    Jan 2005
    Posts
    217

    nice choice

    Hi HTRegz,

    I like VPN and Remote Desktop personally...
    - That makes me feel a lot better....

    In our company, we also use openVPN and Windows' RDP on accessing our server farm. And we never had any problems with it yet.

    openVPN server runs in UNIX, while we use the client in our WinXP machines and it is very useful in our remote administration tasks.

    Cheers!

    yO!
    "Life without FREEDOM is no life at all". - William Wallace
    MyhomE MyboX StealtH (loop n. see loop.)
    http://www.geocities.com/sebeneleben/SOTBMulti.gif

  2. #12
    Senior Member Deeboe
    Join Date
    Nov 2005
    Posts
    185
    **UPDATE**

    Found at: http://isc.sans.org/
    RealVNC exploits in the wild (NEW)
    Published: 2006-05-18,
    Last Updated: 2006-05-18 17:10:59 UTC by Swa Frantzen

    Active use of RealVNC to break into systems is being reported anonymously.

    If you can share more details or just can report attempts, please let us know.

    If you have any RealVNC exposed, check if you are hacked, and if not take measures immediately. If you want an inherently more secure solution check how to run vnc over ssh on your specific platform.

    See more of the vulnerability in the May 15th diary by Kyle Haugsness.

    [updates below]
    List of exploits reported to us by our readers:

    - Austin from the UK reports that all shared printers in his office started to print:
    "Dear Network Administrator. Please do not be alarmed. My team is network security specialist. You are using a vulnerable version of VNC. Please upgrade your version soon. We have not accessed your data but we could have. Have a nice day"
    The intrusion reportedly happened on a workstation where a visitor left a VNC server running.

    - He notes that "RealVNC logs all connection IP addresses in the event manager which some people didn't know".

    - An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.

    ...
    Keep them coming!
    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  3. #13
    Yeah, we're seeing a fair amount of scans from the Internet looking for port 5900... no worries though, we don't allow (and don't have open as we audit regularly) VNC over the Internet. Plus we mostly use UltraVNC.

    So wonder how long until a network worm is released exploiting this issue.....or existing malware for say botnets get this exploit built into it. sigh
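
Added example (not part of the original thread): one way to pick the port 5900 scanning mentioned in the last post out of firewall logs, separating sources that sweep many hosts from a single repeated connection. It assumes netfilter LOG-style `key=value` lines; the sample lines, the addresses and the `min_hosts` threshold are constructed for illustration.

```python
"""Flag sources that sweep many internal hosts on the VNC port (5900/tcp)."""
import re
from collections import defaultdict

VNC_PORT = 5900
# Assumption: netfilter LOG-style key=value fields; adapt the regex to your firewall.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
May 18 17:02:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40211 DPT=5900 SYN
May 18 17:02:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=40212 DPT=5900 SYN
May 18 17:02:12 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=40213 DPT=5900 SYN
May 18 17:02:12 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.13 PROTO=TCP SPT=40214 DPT=5900 SYN
May 18 17:03:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=5900 SYN
May 18 17:03:41 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=5900 SYN
May 18 17:04:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40300 DPT=22 SYN
May 18 17:04:30 fw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=5900
May 18 17:05:00 fw kernel: truncated entry SRC=203.0.113.50
"""


def vnc_probes(lines, port=VNC_PORT):
    """Map each source IP to the set of destinations it tried on port/tcp."""
    targets = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys():
            continue  # truncated or unrelated line
        if f["PROTO"] == "TCP" and f["DPT"] == str(port):
            targets[f["SRC"]].add(f["DST"])
    return targets


def sweepers(lines, min_hosts=3, port=VNC_PORT):
    """Sources that tried at least min_hosts distinct hosts, busiest first."""
    hits = [(src, dsts) for src, dsts in vnc_probes(lines, port).items()
            if len(dsts) >= min_hosts]
    return sorted(hits, key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for src, dsts in sweepers(SAMPLE_LOG.splitlines()):
        print(f"{src} tried {len(dsts)} hosts on {VNC_PORT}/tcp: "
              f"{', '.join(sorted(dsts))}")
```
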
