Nmap Development mailing list archives
[NSE Script] RealVNC Authentication Bypass (CVE-2006-2369)
From: "Brandon Enright" <bmenrigh () ucsd edu>
Date: Thu, 17 Aug 2006 01:22:20 -0000
Here is a NSE/Lua script for detecting RealVNC servers vulnerable to the remote authentication bypass described at http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2369. This is my first Lua/NSE script and the first(?) vulnerability script so it could probably use a looking over for style and robustness. Count this as my vote for including Diman's NSE patch with Nmap ;-). This script has been tested against a couple /16 networks on ports 5900-5999 and has worked without incident so inclined to say it works. If this attachment gets stripped a copy of it is available at http://noh.ucsd.edu/~bmenrigh/RealVNC_auth_bypass.lua. Feedback is wanted. Brandon -- Brandon Enright Network Security Analyst UCSD ACS/Network Operations bmenrigh () ucsd edu
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE Script] RealVNC Authentication Bypass (CVE-2006-2369) Brandon Enright (Aug 16)
- Re: [NSE Script] RealVNC Authentication Bypass (CVE-2006-2369) Brandon Enright (Aug 16)