From the desk of: Sam C. Chan

ADVISORY: UVNC Viewer Listen Mode Vulnerability

January 27, 2008

On Friday, January 25, 2008, the UltraVNC developers announced that an exploitable vulnerability had been discovered in vncviewer when it runs in "listen" mode (waiting for a reverse connection from a server).

Details of vulnerability:

A hostile machine can impersonate an UltraVNC server, connect to a system running vncviewer in listen mode, and take control of that machine. Control is not automatic: a manual click to accept the incoming connection is still required on the listening viewer, but it is easy to accept inadvertently or out of routine (bad practice!).

Remedies:

  • upgrade vncviewer.exe to the 1.0.4 security-fix release

  • avoid use of vncviewer in listening mode

  • confirm that the connecting machine is a trusted UltraVNC server before accepting the connection

  • always use a DSM plugin (session encryption keyed on a shared secret, which an impersonating server does not hold)
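
How a reverse connection reaches a listening viewer, as an added example (this is not code from the original advisory or from the UltraVNC project): in the RFB protocol the side acting as the server sends the 12-byte ProtocolVersion banner first, even when the viewer is the one listening, so anything that connects to the viewer's listen port (5500 by default) and sends "RFB 003.008\n" looks like a server. The screening below implements the "confirm trusted servers" remedy as a peer-address allowlist checked before the handshake continues; the allowlist, the TEST-NET sample addresses, the constructed banners and the function names are assumptions made for illustration.

```python
import ipaddress
import re
import socket
import threading

# UltraVNC viewer's default listen-mode port (reverse connections).
LISTEN_PORT = 5500

# RFB ProtocolVersion banner: "RFB xxx.yyy\n", exactly 12 bytes.
RFB_VERSION_RE = re.compile(rb"^RFB (\d{3})\.(\d{3})\n$")

# Assumed allowlist of servers we expect reverse connections from
# (TEST-NET-1 range, constructed for this example).
TRUSTED_SERVERS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_rfb_version(banner):
    """Return (major, minor) from an RFB ProtocolVersion banner, or None."""
    m = RFB_VERSION_RE.match(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def screen_reverse_connection(peer_ip, banner, trusted_servers):
    """Decide whether a listening viewer should go past the handshake.

    Returns (accept, reason). The banner alone proves nothing, since any
    host can send it; the peer address check is what distinguishes an
    expected server from a hostile one in this (assumed) policy.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False, "unparseable peer address %r" % (peer_ip,)
    if not any(addr in net for net in trusted_servers):
        return False, "peer %s is not in the trusted-server allowlist" % peer_ip
    ver = parse_rfb_version(banner)
    if ver is None:
        return False, "peer did not send a well-formed RFB ProtocolVersion"
    if ver[0] != 3 or ver[1] not in (3, 7, 8):
        return False, "unsupported RFB version %d.%d" % ver
    return True, "peer %s speaks RFB %d.%d" % (peer_ip, ver[0], ver[1])


def simulate_reverse_connection(peer_ip, banner, trusted_servers):
    """Play both sides over a socketpair: the connecting 'server' sends its
    banner first, the listening viewer reads 12 bytes and screens the peer."""
    viewer_side, server_side = socket.socketpair()

    def connecting_server():
        # Real or hostile, the connecting side speaks first in RFB.
        server_side.sendall(banner)
        server_side.close()

    t = threading.Thread(target=connecting_server)
    t.start()
    received = b""
    while len(received) < 12:
        chunk = viewer_side.recv(12 - len(received))
        if not chunk:
            break
        received += chunk
    t.join()
    viewer_side.close()
    return screen_reverse_connection(peer_ip, received, trusted_servers)


if __name__ == "__main__":
    # Constructed scenarios: an expected server and a hostile host sending
    # the identical banner; only the allowlist tells them apart.
    for ip in ("192.0.2.10", "203.0.113.7"):
        print(ip, simulate_reverse_connection(ip, b"RFB 003.008\n", TRUSTED_SERVERS))
    print("junk", simulate_reverse_connection("192.0.2.10", b"HTTP/1.0 200 OK\r\n", TRUSTED_SERVERS))
```

An address allowlist is only a partial check (NAT and spoofed sources), which is why the DSM-plugin remedy above still matters and the upgrade to 1.0.4 is the actual fix; the screening just makes the "accept?" decision something other than a reflexive click.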

Notes:

  • does NOT affect vncserver, only vncviewer in listen mode (reverse connection)

  • does not affect normal outbound vncviewer connections

  • currently, we don't have any end-user client sites utilizing this advanced feature

  • only consultants with an advanced setup, such as your own custom 1-click support, are affected

  • effective immediately: all Bravo workstations and gateway servers that accept reverse connections have been upgraded.

Copyright ©2005-2006 Bravo Technology Center