NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-05

Subject: About VNC
From: Patrick Oonk (patrickPINE.NL)
Date: Wed May 24 2000 - 04:40:41 CDT

Next message: Noah: "Re: Problem with FrontPage on Cobalt RaQ2/RaQ3"
Previous message: Tomasz Grabowski: "Re: fdmount buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

In a post to bugtraq yesterday I posted patches to the unix vncviewer
which turns it in a cracker by doing dictionary attacks on the
(win)VNC server.

Please note that WinVNC since version 3.3.3R6 incorporates code
that makes attacks like described in my previous post much harder.
Version 3.3.3R6 which was released at may 15, 2000. Please update
your server, use strong passwords and apply the AuthHosts
and QuerySetting registry settings if possible.

It can be gotten at http://www.uk.research.att.com/vnc/.
See http://www.uk.research.att.com/vnc/winhistory.html for what
has been changed.

Patrick

--
 Patrick Oonk -  PO1-6BONE -  patrickpine.nl -  www.pine.nl/~patrick
 Pine Internet - PAT31337-RIPE - PGPkeyID BE7497F1 - XOIP+31208723350
 Tel: +31-70-3111010  -   Fax: +31-70-3111011   -  http://security.nl
 PGP   fingerprint   A6 12 66 7F 22 84 1B E5  73 8C 99 F7 17 7B A3 98
 Excuse of the day: solar flares

Next message: Noah: "Re: Problem with FrontPage on Cobalt RaQ2/RaQ3"
Previous message: Tomasz Grabowski: "Re: fdmount buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]