A heads up on new worm affecting previous versions of RealVNC

Mike Miller mbmiller "at" taxa.epi.umn.edu
Fri Jan 12 20:12:00 2007


On Fri, 12 Jan 2007, Diana Hargus wrote:

> Just had to clean up this new worm from an infected pc.  Apparently the 
> vector was through an un-updated VNC on a friend's pc.  Just another 
> reason to update and patch.
>
> http://www.us.sophos.com/security/analyses/w32rbotgai.html
>
> From the writeup on the worm at Sophos:
>
> W32/Rbot-GAI spreads to other network computers by exploiting common 
> buffer overflow vulnerabilities, including: LSASS (MS04-011), SRVSVC 
> (MS06-040), RPC-DCOM (MS04-012), ASN.1 (MS04-007) and RealVNC 
> (CVE-2006-2369).


What do we know about which VNC versions are vulnerable?  Is this worm 
exploiting a well-known vulnerability?  (The one we dealt with last year?) 
Can it attack a Linux box?

Best,

Mike

-- 
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology and Community Health
and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/