VNC zlib Advisory draft 1
Michael Ossmann
michael.ossmann "at" alttech.com
Thu, 14 Mar 2002 21:23:22 +0000
On Thu, Mar 14, 2002, Jonathan Morton wrote:
>
>
> A rogue server could ask for a password, send a challenge, and then
> ignore the response and just let you in, and then set up the exploit
> on the viewer.
That is an excellent point. Another way a client would be particularly
vulnerable is if it is in listen mode. Any rogue server could connect
to it without requiring any authentication.
--
Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc. http://www.alttech.com/
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------