A heads up on new worm affecting previous versions of
RealVNC
Mick
michaelkintzios "at" gmail.com
Sun Jan 14 09:29:01 2007
On Saturday 13 January 2007 16:39, Mike Miller wrote:
> On Fri, 12 Jan 2007, William Hooper wrote:
> >> What do we know about which VNC versions are vulnerable?
> >
> > Check it out using the CVE number:
> >
> > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2369
> >
> > This references the bug in version 4.1.1.
>
> Thanks! That's what I thought. This note from Red Hat is funny:
>
> Official Statement from Red Hat (8/16/2006)
> This issue only affected version 4.1.1 and not the versions distributed
> with Red Hat Enterprise Linux 2.1, 3, or 4.
>
> It is true because they are still distributing Xvnc version 4.0b4. I have
> been asking for a newer version, but they won't give it to me! The reason
> I've been asking for a newer version is that an nmap scan of port 5901 on
> the Linux server kills the Xvnc session. Our IT group likes to scan me as
> part of a security check and this provides a DoS, but this has so far come
> only from our IT group and not from outside. Madness.
Maybe their scanning is a bit too aggressive? Ask them to run nmap with
a -T0, or -T1 option to slow down the packets (but the scan will take longer)
and also -P0 to stop pings.
--
Regards,
Mick
[demime 1.01d removed an attachment of type application/pgp-signature]