On Wed Aug 25 23:49:00 2004, b kwok wrote:
Want to verify and confirm if this attack sucess by sending more than 60 connections request to VNC server on windows platforms, any fix for that?
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1068.html
I hope this will be fixed soon. It seems to be real because it was picked up by SANS, as reported below.
Mike
******************************************************************* @RISK: The Consensus Security Vulnerability Alert August 30, 2004 Vol. 3. Week 34 *******************************************************************
[snip]
04.34.17 CVE: Not Available Platform: Third Party Windows Apps Title: RealVNC Server Remote Denial of Service
Description: RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes. It is reportedly vulnerable to a remote denial of service condition. This issue is exposed when an attacker makes 60 simultaneous connections with the server. The server eventually crashes, denying service to legitimate users. RealVNC version 4.0 is reported to be vulnerable.
Ref: http://archives.neohapsis.com/archives/bugtraq/2004-08/0346.html _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
