SecurityFocus

RE: [Full-disclosure] RealVNC 4.1.1 Remote Compromise May 18 2006 11:04PM
Krpata, Tyler (tkrpata bjs com) (1 replies)

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise May 20 2006 12:22AM
Matt Venzke (mvenzke gmail com) (1 replies)

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Jun 05 2006 05:08PM
Tobias Kreidl (Tobias Kreidl NAU EDU) (1 replies)

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Jun 05 2006 11:33PM
Kurt Seifried (bt seifried org) (2 replies)

> How is it that even though this vulnerability has been known now for
> some time, Red Hat still has not issued a new package or security update
> that addresses this? On RHN, the most recent package I can find is
> 4.0.0 beta and the most recent security patch for VNC dates back to
> December 2004. Since Red Hat started distributing the package, why has
> it not been kept up with?

Probably because customers are not bugging them to much for it? I've never
used vnc-server on Linux or seen it used to be honest, and although it is a
nasty problem it's easy to deal with (just firewall it to trusted systems or
wrap a VPN around it). They are obviously aware of this issue (it was fixed
in Fedora Core 5, reported by Mark J. Cox).

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191692

-Kurt

[ reply ]

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Jun 07 2006 01:01AM
Bojan Zdrnja (bojan zdrnja gmail com)

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Jun 06 2006 10:10PM
Ray Van Dolson (rayvd digitalpath net) (1 replies)

Re: [Full-disclosure] RealVNC 4.1.1 Remote Compromise Jun 07 2006 06:07PM
Jose Ramirez (jose ramirez dynet com mx)