DoS attack VNC 4.0

Mike Miller mbmiller "at" taxa.epi.umn.edu
Mon Aug 30 21:19:01 2004


On Wed Aug 25 23:49:00 2004, b kwok wrote:

> Want to verify and confirm if this attack succeeds by sending more than 60 
> connection requests to VNC server on Windows platforms, any fix for that?
> 
> http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1068.html


I hope this will be fixed soon.  It seems to be real because it was picked 
up by SANS, as reported below.

Mike


*******************************************************************
             @RISK: The Consensus Security Vulnerability Alert
August 30, 2004                                     Vol. 3. Week 34
*******************************************************************

[snip]

04.34.17 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealVNC Server Remote Denial of Service

Description: RealVNC (Virtual Network Computing) allows users to access 
remote computers for administration purposes. It is reportedly vulnerable 
to a remote denial of service condition. This issue is exposed when an 
attacker makes 60 simultaneous connections with the server. The server 
eventually crashes, denying service to legitimate users. RealVNC version 
4.0 is reported to be vulnerable.

Ref: http://archives.neohapsis.com/archives/bugtraq/2004-08/0346.html
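
Added example, not part of the original message or the SANS alert: a detection sketch for the condition the alert describes, one source holding many simultaneous connections to the server. The log format, function names and addresses are constructed assumptions, not RealVNC output.

```python
from collections import defaultdict

THRESHOLD = 60  # simultaneous connections named in the alert

# Assumed (constructed) log format: "<epoch> <OPEN|CLOSE> <src_ip> <conn_id>"
def peak_concurrency(lines):
    """Return {src_ip: peak number of simultaneously open connections}."""
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("OPEN", "CLOSE"):
            continue  # skip malformed lines
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    # Time order; at equal timestamps CLOSE sorts before OPEN so that
    # back-to-back reuse is not counted as overlap.
    events.sort(key=lambda e: (e[0], e[1] != "CLOSE"))
    open_conns = defaultdict(set)
    peak = defaultdict(int)
    for _ts, kind, src, cid in events:
        if kind == "OPEN":
            open_conns[src].add(cid)
            peak[src] = max(peak[src], len(open_conns[src]))
        else:
            open_conns[src].discard(cid)
    return dict(peak)

def flag_sources(lines, threshold=THRESHOLD):
    """Sources whose peak concurrency reached the threshold."""
    return sorted(s for s, n in peak_concurrency(lines).items() if n >= threshold)

def sample_log():
    """Constructed sample: one source holds 60 connections open at once,
    another makes 100 connections strictly one at a time."""
    lines = [f"{1000 + i * 0.01:.2f} OPEN 192.0.2.10 a{i}" for i in range(60)]
    for i in range(100):
        lines.append(f"{1000 + i} OPEN 192.0.2.20 b{i}")
        lines.append(f"{1000 + i + 0.5} CLOSE 192.0.2.20 b{i}")
    lines.append("garbage line")  # malformed input is ignored
    return lines

if __name__ == "__main__":
    print(flag_sources(sample_log()))
```

Counting concurrency rather than total connections keeps a busy but well-behaved client (the second source in the sample) from being flagged.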