"shatter" vulnerability
EXT-Bellers, Chris
chris.bellers "at" boeing.com
Thu Aug 15 18:04:01 2002
I recently tested the current vnc release (v3.3.3 R9) against the win32
'shatter' attacks recently referenced on many security mailing lists, and
found that I can indeed obtain LocalSystem privileges using the same
methods.
I'm sure that most of the readers of most security lists and the vnc lists
hold no illusions about the security provided by vnc, but this is
regrettably something that falls outside the bounds of the typical
cipher-strength and challenge problems.
I'll post to the usual security forums in a week unless otherwise directed.
References:
http://security.tombom.co.uk/shatter.html
Thanks in advance
Sincerely,
Chris Bellers
OSA System Administrator
Phantom Works, Boeing