RealVNC 4.1.1 and prior exploits on the loose
As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected. Only (as far as I know), RealVNC 4.1.1 on Windows (prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable.) Don’t take the last sentence to give an excuse NOT to check, check if you have updates for your vnc product.
Here are some samples from incidents.org…
Austin from the UK reports that all shared printers in his office stated to print:
Dear Network Administrator.Please do not be alarmed.
My team is network security specialist.
You are using a vulnerable version of VNC.
Please upgrade your version soon.
We have not accessed your data but we could have.
Have a nice day
The intrusion reportedly happened on a workstation where a visitor left a VNC server running.
He notes that “RealVNC logs all connection IP addresses in the event manager which some people didn’t know”.
An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.
Update….