Diploid
CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW
    #7971964 - 02/03/08 07:37 AM (15 years, 11 months ago)

If you use VNC, read this now!

I freaked out today when I was working on something and suddenly my mouse went crazy. I'd move it and it would move somewhere else. I figured there was lint in the optical sensor or maybe the USB port it's plugged into was having trouble, then I noticed the VNC icon in the system tray had changed from white to black, meaning someone's logged in!

I practically flew across the room to shut off the router! Yikes!

After killing VNC, I looked around and found that there is a buffer overrun bug exploit found last October. I guess I was just lucky that I was here when someone found their way in.

Apparently this is fixed in the new version, but now I'm paranoid, which sucks because it's such a useful functionality.

Damned idiot programmers. Buffer overrun is the most sophomoric of all the stoopid errors a C programmer can make. WTF! Why did I pay for this piece of shit?

Maybe it's time to start using Microsoft's Remote Desktop thingie.

--

If you are running RealVNC on any of your hosts, and it is an older
version than Free Edition 4.1.2, Personal Edition 4.2.3, or
Enterprise Edition 4.2.3, then I urge you to stop whatever you are
doing and upgrade immediately. If you put off upgrading, then it is
likely that you will need to recover from a system compromise before
doing so. There has been a sharp increase in hackers using RealVNC to
compromise machines in the past few days.

The RealVNC vulnerability allows an attacker to bypass authentication
by simply requesting 'Type 1 - None' as the authentication type even
though it is not explicitly configured to support that. By exploiting
this issue, an attacker gains access to the affected host at the
privilege level under which RealVNC operates, typically as
Administrator under Windows.

Here are links to more information and RealVNC software.

http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046039.html
http://www.realvnc.com/products/free/4.1/release-notes.html
http://www.realvnc.com/products/personal/4.2/release-notes.html
http://www.realvnc.com/products/enterprise/4.2/release-notes.html
http://isc.sans.org/diary.php?date=2006-05-12

Todd Atkins
Network Security Coordinator
University of California, Santa Barbara
Voice: (805) 689-9300 Fax: (805) 893-5051
http://www.oit.ucsb.edu/security


--------------------
Republican Values:

1) You can't get married to your spouse who is the same sex as you.
2) You can't have an abortion no matter how much you don't want a child.
3) You can't have a certain plant in your possession or you'll get locked up with a rapist and a murderer.

4) We need a smaller, less-intrusive government.
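
The missing check described in the advisory quoted above, as an added example that is not RealVNC's code: in the RFB handshake the server advertises a list of security types and the client answers with one type byte, which the server must match against that list. The struct, the function names and the sample bytes are hypothetical and constructed for illustration; type 2 is the RFB number for VNC password authentication.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Security-type numbers defined by the RFB protocol. */
enum { SEC_NONE = 1, SEC_VNC_AUTH = 2 };
enum outcome { REJECT = 0, START_SESSION = 1, RUN_VNC_AUTH = 2 };
/* Per-connection record of what the server advertised (hypothetical). */
struct handshake { uint8_t offered[8]; size_t n_offered; };

static enum outcome dispatch(uint8_t type)
{
    switch (type) {
    case SEC_NONE:     return START_SESSION;  /* no password asked */
    case SEC_VNC_AUTH: return RUN_VNC_AUTH;   /* challenge-response follows */
    default:           return REJECT;
    }
}

/* Flawed pattern: acts on the client's byte without consulting hs. */
enum outcome on_reply_unchecked(const struct handshake *hs,
                                const uint8_t *msg, size_t len)
{
    (void)hs;
    return len == 1 ? dispatch(msg[0]) : REJECT;
}

/* Corrected pattern: the selection must be a type this server offered. */
enum outcome on_reply_checked(const struct handshake *hs,
                              const uint8_t *msg, size_t len)
{
    if (len != 1)
        return REJECT;
    for (size_t i = 0; i < hs->n_offered; i++)
        if (hs->offered[i] == msg[0])
            return dispatch(msg[0]);
    return REJECT;  /* never advertised: drop the connection */
}

/* Constructed sample: password-only server, client reply naming type 1. */
static const struct handshake PASSWORD_ONLY = { { SEC_VNC_AUTH }, 1 };
static const uint8_t REPLY_NONE[] = { SEC_NONE };

int main(void)
{
    printf("unchecked=%d ", (int)on_reply_unchecked(&PASSWORD_ONLY, REPLY_NONE, 1));
    printf("checked=%d\n", (int)on_reply_checked(&PASSWORD_ONLY, REPLY_NONE, 1));
    return 0;
}
```

With the unchecked handler a password-only server starts a session without running authentication; the checked handler rejects the same reply and still runs password authentication when type 2 is selected.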


poke smot!
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW *DELETED* [Re: Diploid]
    #7971980 - 02/03/08 07:48 AM (15 years, 11 months ago)

Post deleted by poke smot!

Reason for deletion: x



Diploid
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: poke smot!]
    #7972028 - 02/03/08 08:22 AM (15 years, 11 months ago)

Yeah, I use non-standard ports, but that's not much of a defence against someone who knows what they're doing. And I always figured if I'm paying for a commercial product, there should be thorough code reviews done before anything goes into production, but apparently not.

I should have pirated it. At least I'd feel better now. :mad2:

TightVNC here I come.


milkman
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: Diploid]
    #7972654 - 02/03/08 12:03 PM (15 years, 11 months ago)

I actually did that to a few people. I used a thing that scans a range of IPs/ports, then you open the VNC thing, input the IP, and bam, you're on a desktop miles away. Ha, it was so fun.


HELLA_TIGHT
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: Diploid]
    #7974230 - 02/03/08 05:25 PM (15 years, 11 months ago)

So you're running VNC on Windows?

I would suggest just sticking to RDP, unless you're on Linux.


Diploid
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: HELLA_TIGHT]
    #7974386 - 02/03/08 06:00 PM (15 years, 11 months ago)

Not any more! :noway:


funnybunny
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: Diploid]
    #7976596 - 02/04/08 05:49 AM (15 years, 11 months ago)

My VNC connections are only allowed through an SSH tunnel.


beatyou
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: funnybunny]
    #7983158 - 02/05/08 03:54 PM (15 years, 11 months ago)

First of all, you shouldn't have had VNC open to the outside world, that would have prevented your situation. The only port you should have open to the outside is a vpn/ssh tunnel of some sort.

So if you are at a remote location, the process is 1. connect to your VPN (OpenVPN ftw) -> 2. Open your VNC session

Having ANY other ports open besides a vpn of some sort is insecure.

btw, why did you pay for vnc? there are tons of free vnc flavors out there, all pretty much the same. Also, commercial software is traditionally less secure and more buggy than open source alternatives.


Diploid
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: beatyou]
    #7983627 - 02/05/08 05:49 PM (15 years, 11 months ago)

Quote:

beatyou said:
The only port you should have open to the outside is a vpn/ssh tunnel of some sort.

Unfortunately, it's not always possible to use a VPN. That's the real world, like it or not.

Quote:

beatyou said:
why did you pay

To get a polished, professional product, which I obviously didn't get. :mad2:


beatyou
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: Diploid]
    #7983666 - 02/05/08 05:59 PM (15 years, 11 months ago)

Quote:

Diploid said:
why did you pay

To get a polished, professional product, which I obviously didn't get. :mad2:




Paying for software doesn't guarantee you any of those things. In my experience, paid software is a BITCH to get support for, or bugs fixed. 'Cause they already have your money, what else do they need?

Open source projects are often more polished, stable, well documented, and have an active community of developers and support. Some software is worth buying, but it's few and far in between.


Diploid
Re: CRITICAL!!! Security Vulnerability in VNC - READ THIS NOW [Re: beatyou]
    #7983681 - 02/05/08 06:02 PM (15 years, 11 months ago)

Yeah well, that's the last time I pay for software. It's all in a torrent somewhere, and I'm sick of shit developers who don't even know how to manage an array without introducing a buffer overflow bug.

