Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Highly Critical RealVNC Flaw Fixed



 By: Ryan Naraine
2006-05-15
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The open-source virtual network computing software is vulnerable to a flaw that could allow malicious hackers to bypass password authentication.

A "highly critical" flaw in RealVNCs virtual network computing software could allow malicious hackers to access a remote system without a password, according to a published advisory.

RealVNC, the Cambridge, U.K.-based company that invented the open-source software, has acknowledged the flaw and posted patches for all affected versions.

The RealVNC software, which competes with Symantecs pcAnywhere, allows users access a remote computer from a local PC. The company distributes the software in three versions—free, personal and enterprise edition.

Read here about an upgrade to Symantecs pcAnywhere.

Resource Library:

The vulnerability is caused due to an error within the handling of VNC password authentication requests. It can be exploited to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password.

IntelliAdmin, the company that discovered the bug, has published a proof-of-concept exploit to help users determine if their RealVNC version is affected.

RealVNC is used in the enterprise to handle remote system administration tasks like taking control of employee machines to diagnose and fix problems, or to access and administer server machines without making a trip to the console.

The software is fully cross-platform, making it popular among users who want to access a Linux machine, a Windows PC, a Solaris machine or any number of other architectures.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Highly Critical RealVNC Flaw Fixed
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r8s;>Ӯ5ŋKmiXTPP$$M3?/'7LBKT{veK@&2D"?H9wur5g6%SE]"I͝C(p(IFA)v@{iFu;A&pTwd>J`OS;SM Ɠ5?X1 |+[S}LF6\3Ѣb ^Pk$ȁ_Mܦ%Hxu)t(DHږyH6EGJ;ߣ*C7 ݩx8/DeOd^b{Aq45;^0k~BQ50NK <[@Sա*v25vk>6^:6 ȅC׷z$nRvn7o\ 205I2Z [XdTZ ӡku8r 08juj=nfO-n@w(\'p}j F1 96L( |HBɤ:ZdQ}9e, f4öۢCCٰo5RrXJyYr_ӽl˙=X8^p?/Εiѻ]HQPw;@VVa(.:^O.ac'H H~7& LT*jZ*NL@aBjLx:~Xst\㍒~7ny#ܲ_/ivdf1{Pd!XI#/YTUGf9괏'򳹥}o__]wzmo]wڧ>ߘecfy3?TrJw3B~ V7'77˓MvIsCV|BCj`BәcYuuU_Zz`Ck'ޮC燩MXCEC0ʾ~Ff{r&޺tt9&IoJDz|?!;_Cj ݖeB_*X_KŗG)LY4C ! ,mdʩ$zN2ߜ>o4C+D_x0Nu}f5 @kFkPYDak6R\ 9jbsv!fB;M)z@U@ZZ~nV$9USEI7#DL vxr!DKI88g^R]E1\aU<8uwެ-Ujմޙ/~iYwθyn?]OH{⧋v؆)WIC EhYf7-vI9qM}sQU1W*P\?,Ëʾb(7ZdL,5,{Lt차ϳp: 0hv?SOiͦ89yt$AG61^zK ucb>'ݸäp;pw>-Fv13{Q {>0iCkJQD4i-D@wM0Ie+f!S uG νdrgoMA(oEnPX^0 vjiqHpyY?»g{` 閭-L<ħ̠>xx??Ȝ+) Dt|JIIL}NBt"AђF )4 g #X"K"'Gs`[X;.V+\y"*M':ݱ;P+Jd&3,BV-KїPf%i2khƪń(VFN1|(0Vf)IVB17O)wz@aex**#wT4tj~#Jݼ~h;h{q#%MAw =e河xOuXKnuo?Jյ݋pz1TKúJj'/ohm_EڠueLGeK-# IHf(XK+ezlxyD62Cin Py\{8`O7l{`(`R5 )KbW4E%sXf&`ܲ &P wS~8;[0P!k^͆Vu<]| ==r3C6 cp6x>JeHכAB CO5,&ff:X[' +ȁUzqg0읶ׅ]%ϥ_(̧6i+Co{LsCm0 G "˞#G_&])VW=B~* iҏ5 &^PGe d^ `M`R#׶| :lF֝9BQZ>-B.,g \ipj ZDZLhKAqA0*]y.rT~12­q͝a&1 DR)Ö1Swhi'GT'/咢TSҐah"pHEAxZkhp\@U.)L-9Hz  [ hg [QznSCz+n `RI?I BL!2B3ݧ==1g匬~`"G dRPZUU+òZp~W`q,(xO?b5xh/Op_l_K_vo?SMK\s>'<\VaQƖ]4FXXH]-'L͎GO}RIS4dP.Q9ufj[EpdEN]rCy!+pDZ\PO]\Cc+>LuO##cYe:@ݐ늦 uzVE@ GzCxؽNHuҚ n:+@%lr ?֊N`έ(D a43Sb_@7T_/=4xEr‡1ክ54f;N'w6Jh)XS!RW dĞe~g׆gQyϤ͋h3|5 |l3HNqGL+ s0RsIl x@̬} w0m94c~('cjZ% XBb+>aL:+lC30XfSf~+u08 LBl̓Of*r1_?J= [LߴF@V1'`{7=;%(4OQ5rRl2~6P}m*lֳ>A>qHlw\O//n'WaO9n7=RJ 2=cte>ugc5Z8,*z)TʌYeO(QUmq'F.҂^ߵK]bRvQLvLʲHG٭TSV82V6ZZaoaqVZF3HU5EOM#/ PNZ[C^$G|)AU%MTjjEIz, :{Rn?mVPVW`Zd&{\%\3Li0o)Q멋~ fT]Z/)+iQ/ ~ dwm PG c[,dt߫]=+coZ''ˏ5a=;oF)^9 us)d}=^zsٖҽNWs5A nTHF_!yۭFS̠o2XHz0<㥑a+"ATK}͙B9ki.Dz=t_5g0YT p- ΊG0 Z`!b!bN<APC{ r H)'4 'yK|b;3Ğw[}hh!:Ua2"(BS.iDOg4}ܽnq# lo}AFJN^v Z-g[M7S+t,#?]/8ʚ=?E]N:|&=Br^'18;=h)I"21xc|.A-6ܾN9 4sJd":A%;)~ڰOCT䵴f[YUHO~%b.LyAH0Hv倜b}~"U߯Ilw;up=q"?h9#7:ŎNj/9"G,BQ ~ ܳ,e:];@_z|oIM2Gz1ɘZԍ A0nh;GQ0&x&4tEgy'("KxQ~4q4Xxju|S5L`aEF<.%g-;-QL.I߾&/3P +=Ƃy }Gw;}\=e>d>HАYc=ty9#- k^:͆ؓ{Jǻm ۮ~'ۻ}Zؖ[q*ApC=3'Kmw -*x 7={(ql^P8S  boK䏘,VIe=I9XT1Ǡue"cO'fo6} 2@Q )1ssڱA$MjtqDY::ˋ2lb"W-$u^#M\`Z*i'34kg:&%ꁘV8)a>Vi1ӏvZz%C[I*%qHMmk~`ssK2]q!u//*I=RaA!]`ҽ#Kj%I4{Hkr1"Cyj4 R$rDy t ]Bi/C)/߭ăi[Q4u&.z8IGX"0iDkJq3QPaKeR6W/];Ͱ"&᮫tu,u`[-m0cMǰZv)? mq'n⯯i}Isӈ1Mkn/f`]t5(!6^5E[ԛPnF:i#P[UsmцbɅ]l--m3TS𔸜.KxK@]"3b ǹfʑ;~ QC J׌JDUU߰u8b2UO7빊%*I"t}?@Ww(q'~;^I" ,/:a\i{4}iqzοtjJwę/}ԝqkoaof SjJc,m]$d82c8:~81cJ81"7%l{67}mqOf= x[1%X6@m`k>Ze.J9/;`qB!eWv&3wP|,> ztowwv]gS4εw 5Zw_ڋKۨ_x*̊}K+ȼ l-^AړݠYİO:,vx-{8Rxz1Bv1[2.˜.-Nu7fCFҸl`Jtq"o(.7=X67 ~Vxrt̪vmp/ ٳhFe!;OIcl|EO/ :â?$L1%ͦJ l1a6 uM|w#o彜?n%u(,@V5\?ԝގSTC䉯kH&o D#ঐ~xUN:@=gWm|#<~U13ʉmOUxMLMq`4B/os.He _M!Aag0~ aB6ė}DDqv7Qz@YmӶ"5v1h}P2D#%1d(=c$Gs8RG5Śx KEE&j=="@Ÿ Rxc) +hWxB,pyA%ee3-Ou{ (_"ΙTh,ZNtRĥkc.ѥZMWWK.KBG2K*ߕlW1 {BZ]Tes{ɧj*-& iT-A8si1=H3r3#mz^C GJk&t];xVy +k+mLtT8Ow| e޼vwO %YՉJ[ mݹ]K=!5&<+ڢ 2TXoX\DM#[Kx6_f~R!gI ] 0>4lX/ժsZE=4!#u_ZהV/`eEXccrsRDxv ,T_H֞uζü`"AdRD@ON cˡWq\o7z8 pPCĸ/Y¾^a᷍kdt̉:u_ai;t]kt+ 3>нg3B;w8iˎ1/7W3 l1|VpHWlfmmEUk)7g%.0,%n 鎥ryR6t G Ki~RJHuTs`6ވ۳j c#TSH?WOobD))m2윶FwG#ˠOkטP0 qL!1E \ЍB9ϪͲ;IoP}sY?e=a '2u?|{q BJ?Lm~##dM-ãk|U:ah|%w҅n,MÐE"JGt Mt47+ St#?+){ڞUޓϞ\di488l@1"6 ?Ji:N~NP_ FGč׀gxBW7˽}D['ٍCzhqf성 "`mv9'yo_*!;%2wg-d=w:}G4 LBH(4|r`(L1o; #x7tX$l9e1q !̆\oX|J71>B$!i ?/ח=e_)a#s~! gL- D´"c)41GJ[!1}ɹcMN퓔pxXҚ0! YC) \s#HJ 1шby 1SӖ{({qP\11Faŷ^$l;b21#bH}z+D:b)(bU 7T,G,(ϏB53RSJLmn$|s ^6CXLi8qXg- .E.[qw6'+נ!l8BkQ.閣FMQpV#ߛ~Sg8 Xں9P0(-ŌCZS*ѓȤ+t!dW`ǪZIPv x!0nV?.4W PRx 4 V #vFCdQ+h:1's;crڽ&-rznާu^yO7a[+ |폺Uw'_W_N;e<|1 kyl2/*f(H^.NQʩ`Sg̵,<^;KwE Gcqq^ L;'Q?B)Qe3ʋ qW~4ab ^{)o\{=-ZI YW'>;ȱkh >r:X)` чFIc 38bS>oI]hF&5+:v<)))-VNyʻ9'@vN1/?#cN?~O:Yg}yC:9CL2/B^N(ٮy3>E">"@\9_^E^?生AYN_/9P~S{3 ?9s w3~]7]?/WW9q_ s?=_oP埀>g(W}3sn&&oonr/=IR<9k]T(RhK "S^9,.Osr𞫫i@LweP`24UF` Ԋz!J1 =4`֭tKo1;BDO"OӱW ;fCWe",dƋ&æʗጽNۯDʑ $` pLB Psgq =u] YI-,XA0YǤK4l!Klɜ]k'b"'mgP&L; O,O~f+g- ĪG9ШscwˡB~22VH'ՃoBR .LESzq ;;8,_bY\YYgq˭d<@T6_rށw $C|HN,}gB3s{Ī]EF}q!rE> \^h " n#qULZAۀY0 ;`51*פpDy%FՋpaHzBG=Xt(E,Ma-ăW v,˽)==ASh<ϛW5EXI%^EmÜz)JJ)@bފRΥJum }c"1b9?"ㅰx!ZQy|XT ,sD<>K:S3U)ւ_/gзǁ/K{KV9((& ]a1W%$}HRݤ_[=$sDJrE)ߠ(b/<% *`>/#^kNB`tp"sSC@_܅eNUhJl[9ud2- kc'pg!-X0 n=ձ]w O`7@#>&rd{KokSsL%:Ɛ9-S)0p,\ftO6C|gKo?[=ȾJ B ϱɮx*3@WD0;"6ic.KE&(Xp\'AΙَz&gw>G-Hxkyf#%SWJP'jdVw@8̛ m+~HױI$`:#Vږ+yL1e~}J<3G(u",@zP`y%K@4zW qS`hwq#1uVBR(at!L?U1?c5VIٶ7G,cݰ Qa[:6 n ۊ uy˷DM\7'me#FP1W)?&Il} ra|X ^}+o=ȉe6뙣]g0^n,eH}+qd.GDI Ik.-wvua4,Lb9"[^'QI 8`RжX3"@a)5BLN7 S 3pRaL $b[иODNű<<Sf )VSL_X1_Q>q&g\ƕEy@Xqө8Yo~.)Z,{ٗN[/<|;XYt0y']f*FRqOR||<(>w3u㖗xty"Em9EKB^ T>VurҹuM+_0dF-<#Dg˳̆UZ*$8n~뉘h6JM? ۔̡9MR"Zi/!zR<>էr09dv?,MMn3a-d