[15022] in bugtraq
About VNC
daemon@ATHENA.MIT.EDU (Patrick Oonk)
Wed May 24 16:35:23 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000524114041.L3895@pine.nl>
Date: Wed, 24 May 2000 11:40:41 +0200
Reply-To: patrick@pine.nl
From: Patrick Oonk <patrick@PINE.NL>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
In a post to bugtraq yesterday I posted patches to the unix vncviewer
which turns it in a cracker by doing dictionary attacks on the
(win)VNC server.
Please note that WinVNC since version 3.3.3R6 incorporates code
that makes attacks like described in my previous post much harder.
Version 3.3.3R6 which was released at may 15, 2000. Please update
your server, use strong passwords and apply the AuthHosts
and QuerySetting registry settings if possible.
It can be gotten at http://www.uk.research.att.com/vnc/.
See http://www.uk.research.att.com/vnc/winhistory.html for what
has been changed.
Patrick
--
Patrick Oonk - PO1-6BONE - patrick@pine.nl - www.pine.nl/~patrick
Pine Internet - PAT31337-RIPE - PGPkeyID BE7497F1 - XOIP+31208723350
Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://security.nl
PGP fingerprint A6 12 66 7F 22 84 1B E5 73 8C 99 F7 17 7B A3 98
Excuse of the day: solar flares
