A heads up on new worm affecting previous versions of
RealVNC
William Hooper
whooper "at" freeshell.org
Fri Jan 12 21:19:01 2007
Mike Miller wrote:
> On Fri, 12 Jan 2007, Diana Hargus wrote:
>
>
>> Just had to clean up this new worm from an infected pc. Apparently the
>> vector was through an um-updated VNC on a friend's pc. Just another
>> reason to update and patch.
>>
>> http://www.us.sophos.com/security/analyses/w32rbotgai.html
>>
>>
>> From the writeup on the worm at Sophos:
>>
>>
>> W32/Rbot-GAI spreads to other network computers by exploiting common
>> buffer overflow vulnerabilities, including: LSASS (MS04-011), SRVSVC
>> (MS06-040), RPC-DCOM (MS04-012), ASN.1 (MS04-007) and RealVNC
>> (CVE-2006-2369).
>>
>
>
> What do we know about which VNC versions are vulnerable?
Check it out using the CVE number:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2369
This references the bug in version 4.1.1.
--
William Hooper