Ubuntu
vnc4 package

Huge security risk with default vnc4server in Edgy

Bug #64534 reported by flowbot
This bug report is a duplicate of:  Bug #77383: vnc4 authentication bypass. Edit Remove
256
Affects Status Importance Assigned to Milestone
vnc4 (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: vnc4server

I recently had some wierd behaviour with open Instant Messaging windows - I had been away from my computer for some hours, and upon return, an IM window that I'd left open had been sending Windows systems commands to the contact. This happened in Gaim and Skype, while noone would have had access to my physical machine. Here is a link to the portion of conversation that contains the said messages: http://garimbo.org/nopaste/798.

I visited Gaim IRC to find out if they knew how this might have happened, and it turns out that version 4.1.1 of RealVnc contains a massive security flaw that will allow non-local users to connect to the Vnc server *without a password*. Here are some relevant links the Gaim developers pointed me to:

http://www.realvnc.com/pipermail/vnc-list/2006-May/054952.html
http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html

The only scenario that makes sense to me is that someone gained access to my vnc'd ubuntu box and tried propagating a virus.

In any case, RealVnc 4.1.2 is supposed to address this issue.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.