FNAL Critical Vulnerability

Platform: Windows, Linux, Unix, Mac
Product: RealVNC 4.1.1 and earlier
Exploitation: Bypass authentication in RealVNC
Patch By: 05/16/2006

A vulnerability in RealVNC 4.1.1 and earlier allows an attacker to bypass password authentication and gain direct access to your VNC session. RealVNC 4.1.2 is not vulnerable to this exploit at this time. CST has detected an increase in VNC scans over the past few days.

Acceptable methods for remote desktop access to FNAL computers are described at https://plone4.fnal.gov/P1/WinPol/policies/remotedesktop.doc.

VNC services must either be patched or disabled by the end of the business day on Tuesday, 5/16/2006. Vulnerable installations will be blocked from network access.

For assistance contact helpdesk@fnal.gov.

Information compiled and maintained by the Computer Security Team; last modified by TR on July 13, 2006. (Address comments about this page to the Computer Security Team.)