RealVNC Remote Authentication Bypass Vulnerability

To exploit this issue, attackers will likely modify readily available open-source VNC client software.

Exploit code is available from the reporter of this issue. It is not currently known to be publicly available.

HD Moore has provided an example using the Metasploit Framework. BL4CK has supplied a patch to VNC 4.1.1 to exploit this issue.

A scanner application is available from ad@heapoverflow.com. Note that Symantec has neither tested this scanner application nor verified it to be safe. Please see the references for more information.

A multi-threaded scanner application based on the ad@heapoverflow.com version is available from Matt Venzke. Note that Symantec has neither tested this scanner application nor verified it to be safe.

embyte has supplied a patch to VNC 4.1.1 to exploit this issue.

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.


 

Copyright 2010, SecurityFocus