Chris:

        Heya. While I agree that the 'shatter' attack is something
every user should bring to Microsoft's attention (which I can see
in your email headers that you did), at the same time I don't
consider it a VNC problem. <duck>

        Shatter, as I understand it, goes after the Win32 API
itself which just about *every* application piece of software on
Windows uses. The example you point to in the tombom reference
uses McAfee VirusScan if I recall. Anything that uses a WinAPI
popup can be exploited to run arbitrary code at the privilege
of that popup. Also, you need to have access to the machine. So
a user *could* VNC into your machine running as guest and use this
exploit to become administrator. But in my mind, VNC security
"stops" at controlling who can become guest.

        Or perhaps I'm misunderstanding you: are you suggesting
that there are Windows and message boxes that WinVNC uses that
could be recoded to use custom popups, rather than WinAPI windows
which can be attacked with malicious messaging? wxWindows perhaps?

cheers,
Scott

> I recently tested the current vnc release (v3.3.3 R9) against the win32
> 'shatter' attacks recently referenced on many security mailing lists, and
> found that I can indeed obtain LocalSystem privileges using the same
> methods.
>
> I'm sure that most of the readers of most security lists and the vnc lists
> hold no illusions about the security provided by vnc, but this is
> regrettably something that falls outside the bounds of the typical
> cipher-strength and challenge problems.
>
> I'll post to the usual security forums in a week unless otherwise directed.
>
> References:
> http://security.tombom.co.uk/shatter.html
>
> Thanks in advance
>
> Sincerely,
>
> Chris Bellers
> OSA System Administrator
> Phantom Works, Boeing
_______________________________________________
VNC-List mailing list
http://www.realvnc.com/mailman/listinfo/vnc-list