Slashdot - Slashdot poroča o varnostni luknji v VNC 4.1. Na računalnik z nameščenim VNC 4.1 je namreč mogoče vstopiti brez poznavanja gesla.
Pri IntelliAdmin, kjer so varnostno pomankljivost odkrili, so pripravili demonstracijo (tim. proof-of-concept), vendar pa so ga že umaknili iz svoje spletne strani. Popravek je že na voljo.
Novice » Varnost » Varnostna ranljivost v VNC 4.1
|SNap| ::
A so ostali VNC serverji (npr. TightVNC) tudi ranljivi, ali samo RealVNC?
Če slednje, mogoče ne bi bilo neumno, da se napiše v novico RealVNC, ne pa samo VNC.
Če slednje, mogoče ne bi bilo neumno, da se napiše v novico RealVNC, ne pa samo VNC.
Dragi ::
Nice, na google catch se lahko zmerm zaneseš 
edit: Prizadeti so samo serverji z realvnc 4.1.1 verzijo
quote z strani:
I started to wonder how widespread this flaw was so I downloaded TightVNC, and UltraVNC. They are immune. Both of them reject my connection right away.
edit: Prizadeti so samo serverji z realvnc 4.1.1 verzijo
quote z strani:
I started to wonder how widespread this flaw was so I downloaded TightVNC, and UltraVNC. They are immune. Both of them reject my connection right away.
Zgodovina sprememb…
- spremenil: Dragi ()
denial ::
Po zadnjih informacijah je ranljiv le RealVNC...
http://www.arnes.si/si-cert/obvestila/2006-04.html
http://seclists.org/lists/fulldisclosure/2006/May/0359.html
SANS quote: "Full Disclosure, exploits are now being released. This note is to alert our readers that the exploit is trivial and very effective. In fact, you can modify a VNC client to exploit the vulnerability with very little code changes -- around 1 line."
http://www.arnes.si/si-cert/obvestila/2006-04.html
http://seclists.org/lists/fulldisclosure/2006/May/0359.html
SANS quote: "Full Disclosure, exploits are now being released. This note is to alert our readers that the exploit is trivial and very effective. In fact, you can modify a VNC client to exploit the vulnerability with very little code changes -- around 1 line."
SELECT finger FROM hand WHERE id=3;
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | Psyb0t - zlonamerni črv, ki napada Linux mrežno opremoOddelek: Novice / Varnost | 5517 (3682) | Azrael |
| » | Vzpostavljanje prikritih omrežij s pomočjo XSS ranljivosti in JavaScriptaOddelek: Novice / Varnost | 5636 (4345) | MrStein |
| » | Playstation novostiOddelek: Novice / Konzole | 4693 (4179) | CWIZO |
| » | Virusi tudi za StarOffice in OpenOffice.orgOddelek: Novice / Varnost | 3382 (2907) | BigWhale |
| » | 0-day JavaScript ranljivost za MS IEOddelek: Novice / Varnost | 4696 (3330) | B-D_ |