January 27, 2008
On Friday, January 25, 2008, the developers of UltraVNC
announced that an exploitable vulnerability had been discovered in
vncviewer when it is running in "listen" mode.
Details of vulnerability:
A hostile machine could emulate an UltraVNC server, connect to a
system running vncviewer in listen mode, and take control of the
machine. Control is not automatic: a manual click to accept is still
required on the listening viewer, but it is easy to accept
inadvertently or routinely (bad practice!).
Remedies:
- upgrade vncviewer.exe to the 1.0.4 security fix version
- avoid use of vncviewer in listening mode
- confirm trusted UltraVNC servers before accepting connections
- always use a DSM plugin
Notes:
- does NOT affect vncserver, only vncviewer in listen mode (reversed connection)
- does not affect normal out-bound vncviewer connections
- currently, we don't have any end-user client sites utilizing this advanced feature
- only consultants with advanced setup, such as your own custom 1-click support
- effective immediately: all Bravo workstations and gateway servers accepting reversed connections have been upgraded.
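
To check a Windows machine against the remedies above, the following PowerShell audit lists vncviewer.exe processes that are accepting reversed connections and reports their file version. It is an added example, not part of the original notice or UltraVNC's own tooling; the binary name vncviewer.exe, the -listen switch and the 1.0.4.0 file-version threshold are assumptions.

```powershell
# Added example: report vncviewer.exe processes that accept reversed connections.
# Assumptions: binary name vncviewer.exe, the -listen switch, and that the fixed
# build reports a file version of at least 1.0.4.0.
$MinFixed = [version]'1.0.4.0'

function Get-ListeningVncViewer {
    $procs = Get-CimInstance Win32_Process -Filter "Name = 'vncviewer.exe'"
    foreach ($p in $procs) {
        # TCP ports this process holds open in the Listen state
        $ports = @(Get-NetTCPConnection -State Listen -OwningProcess $p.ProcessId `
                       -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty LocalPort -Unique)
        # CommandLine can be $null without admin rights; -match then yields $false
        $flag = [bool]($p.CommandLine -match '(?i)(^|\s)[-/]listen\b')

        # Normal outbound viewers are not affected, so skip them
        if ($ports.Count -eq 0 -and -not $flag) { continue }

        $ver = $null
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            $vi  = (Get-Item -LiteralPath $p.ExecutablePath).VersionInfo
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
        }

        [pscustomobject]@{
            ProcessId    = $p.ProcessId
            Path         = $p.ExecutablePath
            ListenPorts  = $ports -join ','
            ListenSwitch = $flag
            FileVersion  = $ver
            # Unknown version is treated as needing the upgrade
            NeedsUpgrade = (-not $ver) -or ($ver -lt $MinFixed)
        }
    }
}

Get-ListeningVncViewer | Format-Table -AutoSize
```

Run it from an elevated prompt so command lines and executable paths of other users' processes are visible. Because the version threshold is assumed, treat a NeedsUpgrade value of False as a prompt to confirm the installed build against the UltraVNC security fix release.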