VNC zlib Advisory draft 1

Michael Ossmann michael.ossmann "at" alttech.com
Thu, 14 Mar 2002 21:23:22 +0000


On Thu, Mar 14, 2002, Jonathan Morton wrote:
> 
> 
> A rogue server could ask for a password, send a challenge, and then 
> ignore the response and just let you in, and then set up the exploit 
> on the viewer.

That is an excellent point.  Another way a client would be particularly
vulnerable is if it is in listen mode.  Any rogue server could connect
to it without requiring any authentication.

-- 
Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.  http://www.alttech.com/