VNC zlib Advisory draft 1

Michael Ossmann michael.ossmann "at"
Thu, 14 Mar 2002 21:23:22 +0000

On Thu, Mar 14, 2002, Jonathan Morton wrote:
> A rogue server could ask for a password, send a challenge, and then 
> ignore the response and just let you in, and then set up the exploit 
> on the viewer.

That is an excellent point.  Another way a client would be particularly
vulnerable is if it is in listen mode.  Any rogue server could connect
to it without requiring any authentication.

Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.
To unsubscribe, mail majordomo "at" with the line:
'unsubscribe vnc-list' in the message BODY
See also: