I just came across this report, thanks for letting me know though :)
Updated VNC and ran a sanity check that no things were added.
Taco
----- Original Message -----
From: "Larry Smith" <lesmith (at mark) ecsis.net>
To: <coba-e (at mark) bluequartz.org>
Sent: Saturday, May 27, 2006 3:24 PM
Subject: [coba-e:05419] Re: Kernel update question
> On Saturday 27 May 2006 04:59, Taco Scargo wrote:
>> It appears someone hacked my vnc password at home (or broke into my
>> house)
>> and sent the email with the rude dutch language in it to this mailing
>> list.
>> I apologize this happened. I have shutdown my pc at home so the person is
>> unable to connect anymore.
>
> <quote from ISS>
> Internet Security Systems Security Brief
> May 25, 2006
>
> RealVNC Authentication Bypass
>
> Summary:
>
> During the second week of May, a RealVNC vulnerability was publicly
> announced. This issue allows a remote attacker to obtain access to a
> vulnerable system without authentication.
>
> This week, our researchers detected active exploitation. This
> exploitation
> indicates that attackers are connecting to vulnerable servers and gaining
> unauthorized access (not simply probes for the vulnerability).
>
> Description:
>
> RealVNC Free Edition, Personal Edition, and Enterprise Edition could allow
> a
> remote attacker to bypass authentication and gain unauthorized access to
> the
> system. This is caused by the improper validation of the client
> authentication method which could allow an attacker to successfully
> authenticate to an affected system using the null authentication method.
> </quote>
>
> --
> Larry Smith
> SysAd ECSIS.NET
> sysad (at mark) ecsis.net
>
>
>
>