Slashdot - Slashdot poroča o varnostni luknji v VNC 4.1. Na računalnik z nameščenim VNC 4.1 je namreč mogoče vstopiti brez poznavanja gesla.
Pri IntelliAdmin, kjer so varnostno pomankljivost odkrili, so pripravili demonstracijo (tim. proof-of-concept), vendar pa so ga že umaknili iz svoje spletne strani. Popravek je že na voljo.
Novice » Varnost » Varnostna ranljivost v VNC 4.1
|SNap| ::
A so ostali VNC serverji (npr. TightVNC) tudi ranljivi, ali samo RealVNC?
Če slednje, mogoče ne bi bilo neumno, da se napiše v novico RealVNC, ne pa samo VNC.
Če slednje, mogoče ne bi bilo neumno, da se napiše v novico RealVNC, ne pa samo VNC.
Dragi ::
Nice, na google catch se lahko zmerm zaneseš
edit: Prizadeti so samo serverji z realvnc 4.1.1 verzijo
quote z strani:
I started to wonder how widespread this flaw was so I downloaded TightVNC, and UltraVNC. They are immune. Both of them reject my connection right away.
edit: Prizadeti so samo serverji z realvnc 4.1.1 verzijo
quote z strani:
I started to wonder how widespread this flaw was so I downloaded TightVNC, and UltraVNC. They are immune. Both of them reject my connection right away.
Zgodovina sprememb…
- spremenil: Dragi ()
denial ::
Po zadnjih informacijah je ranljiv le RealVNC...
http://www.arnes.si/si-cert/obvestila/2006-04.html
http://seclists.org/lists/fulldisclosure/2006/May/0359.html
SANS quote: "Full Disclosure, exploits are now being released. This note is to alert our readers that the exploit is trivial and very effective. In fact, you can modify a VNC client to exploit the vulnerability with very little code changes -- around 1 line."
http://www.arnes.si/si-cert/obvestila/2006-04.html
http://seclists.org/lists/fulldisclosure/2006/May/0359.html
SANS quote: "Full Disclosure, exploits are now being released. This note is to alert our readers that the exploit is trivial and very effective. In fact, you can modify a VNC client to exploit the vulnerability with very little code changes -- around 1 line."
SELECT finger FROM hand WHERE id=3;
Vredno ogleda ...
Tema | Ogledi | Zadnje sporočilo | |
---|---|---|---|
Tema | Ogledi | Zadnje sporočilo | |
» | Psyb0t - zlonamerni črv, ki napada Linux mrežno opremoOddelek: Novice / Varnost | 5368 (3533) | Azrael |
» | Vzpostavljanje prikritih omrežij s pomočjo XSS ranljivosti in JavaScriptaOddelek: Novice / Varnost | 5595 (4304) | MrStein |
» | Playstation novostiOddelek: Novice / Konzole | 4654 (4140) | CWIZO |
» | Virusi tudi za StarOffice in OpenOffice.orgOddelek: Novice / Varnost | 3348 (2873) | BigWhale |
» | 0-day JavaScript ranljivost za MS IEOddelek: Novice / Varnost | 4621 (3255) | B-D_ |