On Fri, 12 Jan 2007, William Hooper wrote:
>> What do we know about which VNC versions are vulnerable?
>
> Check it out using the CVE number:
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2369
> This references the bug in version 4.1.1.

Thanks! That's what I thought. This note from Red Hat is funny:
Official Statement from Red Hat (8/16/2006)
This issue only affected version 4.1.1 and not the versions distributed
with Red Hat Enterprise Linux 2.1, 3, or 4.
It is true because they are still distributing Xvnc version 4.0b4. I have
been asking for a newer version, but they won't give it to me! The reason
I've been asking for a newer version is that an nmap scan of port 5901 on
the Linux server kills the Xvnc session. Our IT group likes to scan me as
part of a security check and this provides a DoS, but this has so far come
only from our IT group and not from outside. Madness.
Mike
_______________________________________________
VNC-List mailing list