On Fri, 12 Jan 2007, Diana Hargus wrote:

Just had to clean up this new worm from an infected PC. Apparently the vector was through an un-updated VNC on a friend's PC. Just another reason to update and patch.

http://www.us.sophos.com/security/analyses/w32rbotgai.html

From the writeup on the worm at Sophos:

W32/Rbot-GAI spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), SRVSVC (MS06-040), RPC-DCOM (MS04-012), ASN.1 (MS04-007) and RealVNC (CVE-2006-2369).


What do we know about which VNC versions are vulnerable? Is this worm exploiting a well-known vulnerability? (The one we dealt with last year?) Can it attack a Linux box?

Best,

Mike

--
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology and Community Health
and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/
_______________________________________________
VNC-List mailing list
