ALARM Group ALERT - The Computing Alert System
Alert Number: 051706-01
Alert Date: 05/17/06
Alert Title: Unpatched versions of RealVNC vulnerable to exploit
Update-to: none
OS/Platform/Application: RealVNC Personal and Server edition < v4.2.3; RealVNC < v4.1.2
Category: ALERT
Severity: MEDIUM
Attention: System Administrators, Desktop support personnel, RealVNC Users
Summary: Several Internet security-related resources are reporting the release of a "trivial and very effective" exploit for a vulnerability in the RealVNC Virtual Network Computing application. This vulnerability is listed as "highly critical" because successful exploitation is possible with no prior knowledge of the system password(s) and could result in complete (unauthorized) system access. RealVNC has made available updated versions of its software that contain patches to address this vulnerability.
Recommended Actions: Persons responsible for the administration and maintenance of systems that use RealVNC applications are strongly encouraged to upgrade their systems to the latest version of software as soon as possible. See below for links to the upgrade and additional information on this vulnerability.
ITS Actions: The ITS Telecommunications Network Operations Center (NOC) is performing scans and will attempt to contact the appropriate support entities for any systems found to be vulnerable to this exploit.
Resources:
RealVNC update page:
http://www.realvnc.com/upgrade.html
SANS article on the RealVNC vulnerability:
http://isc.sans.org/diary.php?storyid=1336
eWeek Article on the RealVNC vulnerability:
http://www.eweek.com/article2/0,1895,1962394,00.asp