[AG-TECH] RealVNC Authentication Bypass

Cindy Sievers sievers at lanl.gov
Tue May 30 10:01:37 CDT 2006


I know a lot of folks are using RealVNC, just thought you might be
interested in this security vulnerability...


> "Internet Security Systems Security Brief
> May 25, 2006
>
> RealVNC Authentication Bypass
>
> Summary:
>
> During the second week of May, a RealVNC vulnerability was publicly
> announced.  This issue allows a remote attacker to obtain access to a
> vulnerable system without authentication.
>
> This week, our researchers detected active exploitation.  This exploitation
> indicates that attackers are connecting to vulnerable servers and gaining
> unauthorized access (not simply probes for the vulnerability).
>
> Description:
>
> RealVNC Free Edition, Personal Edition, and Enterprise Edition could allow a
> remote attacker to bypass authentication and gain unauthorized access to the
> system. This is caused by the improper validation of the client
> authentication method which could allow an attacker to successfully
> authenticate to an affected system using the null authentication method.
>
> Affected Products:
>
> RealVNC Ltd.: RealVNC Enterprise Edition 4.0 to 4.2.2
> RealVNC Ltd.: RealVNC Free Edition 4.0 to 4.1.1
> RealVNC Ltd.: RealVNC Personal Edition 4.0 to 4.2.2
>
> On May 15th, RealVNC released patches, and customers were urged to upgrade to
> version 4.1.2 of the Free Edition or version 4.2.3 of the Personal
> Edition/Enterprise Edition.
>
> Business Impact:
>
> Compromise of the application can lead to exposure of
> confidential information, loss of productivity, and further network
> compromise. Successful exploitation of this vulnerability could
> be used to gain unauthorized access to networks and machines."


============================================
Cindy Sievers           Los Alamos National Laboratory
sievers at lanl.gov        Group CCS-1 MS B287
tel:505.665.6602        Advanced Computing
fax:505.665.4939        Los Alamos, NM 87544
============================================
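The brief describes the defect as improper validation of the client-selected authentication method. The following is an added illustration (not RealVNC's code and not from the original post) of the server-side check that class of bug is missing: a simplified model of the RFB 3.8 security-type negotiation, where a vulnerable server dispatches on whatever type the client names, and the hardened version only honours a type the server actually advertised. The security-type identifiers are the ones defined by the RFB specification; the message encoding and the client reply used in the demo are constructed for the example.

```python
"""Simplified model of the RFB 3.8 security-type negotiation.

Illustration of the defect class described in the brief: the server must only
honour a security type it actually offered. Added example, not RealVNC's code.
"""
import struct

# RFB security-type identifiers from the RFB protocol specification.
SEC_INVALID = 0
SEC_NONE = 1        # the "null" authentication method named in the brief
SEC_VNC_AUTH = 2    # challenge/response VNC authentication


def server_security_types_message(offered):
    """Server's advertisement: one count byte, then one byte per offered type."""
    return struct.pack("B", len(offered)) + bytes(offered)


def negotiate_vulnerable(offered, client_reply):
    """Flawed pattern: dispatches on the client's choice without checking it
    against the offered list, so naming SEC_NONE when only SEC_VNC_AUTH was
    advertised yields an unauthenticated session."""
    chosen = client_reply[0]
    if chosen == SEC_NONE:
        return "authenticated"
    if chosen == SEC_VNC_AUTH:
        return "challenge"
    return "rejected"


def negotiate_hardened(offered, client_reply):
    """Corrected pattern: the client's single-byte choice must be one of the
    advertised types; a malformed reply or an unadvertised type ends the
    handshake before any authentication state is reached."""
    if len(client_reply) != 1:
        return "rejected"
    chosen = client_reply[0]
    if chosen not in offered:
        return "rejected"
    if chosen == SEC_NONE:
        return "authenticated"
    if chosen == SEC_VNC_AUTH:
        return "challenge"
    return "rejected"


if __name__ == "__main__":
    offered = [SEC_VNC_AUTH]         # password-protected server offers only VNC auth
    print(server_security_types_message(offered).hex())   # 0102
    reply = bytes([SEC_NONE])        # constructed: client names the unadvertised type
    print("vulnerable:", negotiate_vulnerable(offered, reply))   # authenticated
    print("hardened:  ", negotiate_hardened(offered, reply))     # rejected
```

The same membership check is the property to verify when reviewing any authentication-method negotiation: the server's decision must be a function of what it offered, not only of what the client claimed.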