Bugtraq mailing list archives
Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise
From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 15 May 2006 18:36:56 +0200
On Mon, May 15, 2006 at 07:58:10AM -0500, Dixon, Wayne wrote:
So what can be done about this exploit? Does 4.1.2 protect against this vulnerability? And what other mitigation procedures are available for this?
The best solution is not to run a VNC service using no more than it's own authentication. Most offer only password auth, which is quite simply insufficient. Use some auth scheme based on certificates or somesuch - ssh, IPSec and OpenVPN all offer this capability. Joachim
Current thread:
- RealVNC 4.1.1 Remote Compromise James Evans (May 15)
- Message not available
- Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Joachim Schipper (May 18)
- Message not available
- <Possible follow-ups>
- re: RealVNC 4.1.1 Remote Compromise plato (May 16)