Full Disclosure mailing list archives
Re: RealVNC 4.1.1 Remote Compromise
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Mon, 15 May 2006 12:42:51 -0400
> So what can be done about this exploit? Does 4.1.2 protect against this vulnerability? And what other mitigation procedures are available for this?
Well, VNC hasn't exactly been legendary for security .. but if you do run it, one safe(er) way to do so is to bind VNC to localhost, and use sshd and port-redirection to access it.
Of course, then you've got to pay attention to patches in OpenSSH, but that's got a better track record, and allows you to do RSA auth, etc.
Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
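The following check is an added example, not part of the original post: it verifies the "bind VNC to localhost" half of the advice above by flagging any VNC listener that is reachable off-host. It assumes the server uses the conventional display ports 5900-5999 and that listener data comes from `ss -ltn`; the function names, sample lines, `user` and `vnc-host` are constructed for illustration.

```shell
#!/bin/sh
# Client side of the setup described in the reply (user and vnc-host are
# placeholders):
#   ssh -N -L 5900:127.0.0.1:5900 user@vnc-host
# then point the VNC viewer at 127.0.0.1:5900 on the client.

# Read `ss -ltn` style lines on stdin and print every listener on a VNC
# display port (5900-5999) whose local address is not loopback.
vnc_exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            ep = $4                          # local address:port column
            n = match(ep, /:[0-9]+$/)        # position of the final ":port"
            if (n == 0) next
            addr = substr(ep, 1, n - 1)
            port = substr(ep, n + 1) + 0
            if (port < 5900 || port > 5999) next
            # Loopback forms: 127.0.0.0/8, [::1] (ss) and ::1 (netstat style)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print ep
        }
    '
}

# Constructed sample input: two loopback-only VNC listeners, sshd, and two
# VNC listeners bound to all interfaces.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5900     0.0.0.0:*
LISTEN 0      5      [::1]:5900         [::]:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      *:5902             *:*
EOF
}

# Demo run on the sample; only the two wildcard-bound listeners are printed.
sample_ss_output | vnc_exposed_listeners
```

On a live host, `ss -ltn | vnc_exposed_listeners` printing nothing means every VNC listener is loopback-only and can be reached only through the SSH forward.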