
Attack: RealVNC remote Authentication Bypass CVE-2006-2369

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the VNC client requesting NULL authentication when the VNC server does not support NULL authentication.

Additional Information

RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes.

RealVNC is susceptible to an authentication bypass vulnerability. This issue is due to a flaw in the authentication process of the affected package.

During the initial handshake and authentication process between VNC clients and servers, the server sends the client a list of authentication methods. The client chooses a method and returns a byte specifying the method it wishes to continue with. The flaw arises because the server does not properly validate that the method the client requests is actually one of the methods the server allows.

This issue allows remote attackers to request an anonymous authentication method, which will be incorrectly accepted by the server. This allows them to gain full control of the VNC server session.

Exploiting this issue allows attackers to gain unauthenticated, remote access to VNC servers. RealVNC version 4.1.1 is vulnerable to this issue; other versions may also be affected.
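The condition this signature looks for can be checked offline against the two sides of a captured handshake. The following is an added example, not Symantec's signature or RealVNC code; it assumes RFB 3.7/3.8 framing, and the function names, verdict strings and sample bytes are constructed for illustration.

```python
# Added example: offline check of one RFB security-type negotiation.
# Assumes RFB 3.7/3.8 framing (12-byte version string, then a count byte
# and that many security-type bytes from the server; one byte from the client).
VERSION_LEN = 12          # e.g. b"RFB 003.008\n"
SECURITY_NONE = 1         # RFB security type "None" (no authentication)

class HandshakeError(ValueError):
    """Raised when a captured stream is not a parseable RFB handshake."""

def _after_version(stream, who):
    # Both sides open with "RFB xxx.yyy\n"; return (minor version, rest).
    head = stream[:VERSION_LEN]
    if len(head) < VERSION_LEN or not head.startswith(b"RFB ") or head[-1:] != b"\n":
        raise HandshakeError(f"{who}: missing RFB version string")
    try:
        minor = int(head[8:11])
    except ValueError:
        raise HandshakeError(f"{who}: malformed version") from None
    return minor, stream[VERSION_LEN:]

def offered_types(server_stream):
    """Security types the server listed for the client to choose from."""
    _, rest = _after_version(server_stream, "server")
    if not rest or rest[0] == 0:
        raise HandshakeError("server: no security types offered")
    count, types = rest[0], rest[1:1 + rest[0]]
    if len(types) != count:
        raise HandshakeError("server: security-type list truncated")
    return list(types)

def check_negotiation(server_stream, client_stream):
    """Return 'ok', 'none-not-offered' or 'type-not-offered'."""
    offered = offered_types(server_stream)
    minor, rest = _after_version(client_stream, "client")
    if minor < 7:
        raise HandshakeError("client: pre-3.7 handshake has no selection byte")
    if not rest:
        raise HandshakeError("client: selection byte missing")
    chosen = rest[0]
    if chosen in offered:
        return "ok"
    return "none-not-offered" if chosen == SECURITY_NONE else "type-not-offered"

# Constructed sample: server offers only type 2 (VNC Authentication).
SERVER = b"RFB 003.008\n" + bytes([1, 2])
for label, choice in (("offered type", 2), ("signature case", 1)):
    print(label, "->", check_negotiation(SERVER, b"RFB 003.008\n" + bytes([choice])))
```

A server that legitimately lists type 1 yields `ok` for the same client byte, which is why the check compares against the offered list rather than alerting on type 1 alone.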

Affected

  • RealVNC RealVNC 4.1.1
  • RealVNC RealVNC Enterprise Edition
  • RealVNC RealVNC Personal Edition

Response

The vendor has released fixes to address this issue.

RealVNC 4.1.1:
RealVNC Upgrade RealVNC Download Page

RealVNC RealVNC Enterprise Edition 0:
RealVNC Upgrade RealVNC Download Page

RealVNC RealVNC Personal Edition 0:
RealVNC Upgrade RealVNC Download Page
