Article 5430 at 06/05/28 09:05:50 From: lesmith (at mark) ecsis.net Subject: [coba-e:05430] Re: Kernel update question

Index: [Article Count Order] [Thread]
Date:  Sat, 27 May 2006 19:07:08 -0500
From:  Larry Smith <lesmith (at mark) ecsis.net>
Subject:  [coba-e:05430] Re: Kernel update question
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200605271907.08406.lesmith (at mark) ecsis.net>
In-Reply-To:  <1486c6440605270818q5fb32997m4be3230c3a3aa5f (at mark) mail.gmail.com>
References:  <20060527095857.47F2911E24 (at mark) smtp.gprs.t-mobile.nl> <005901c6819c$1746b930$14001fac (at mark) DELLP4TACO> <1486c6440605270818q5fb32997m4be3230c3a3aa5f (at mark) mail.gmail.com>
X-Mail-Count: 05430

On Saturday 27 May 2006 10:18, Adam Crews wrote:
>
> On 5/27/06, Taco Scargo <taco (at mark) scargo.nl> wrote:
> > I just came across this report, thanks for letting me know though :)
> >
> > Updated VNC and ran a sanity check that no things were added.
> >
> > Taco
> > ----- Original Message -----
> > From: "Larry Smith" <lesmith (at mark) ecsis.net>
> > To: <coba-e (at mark) bluequartz.org>
> > Sent: Saturday, May 27, 2006 3:24 PM
> > Subject: [coba-e:05419] Re: Kernel update question
> >
> > > On Saturday 27 May 2006 04:59, Taco Scargo wrote:
> > >> It appears someone hacked my vnc password at home (or broke into my
> > >> house)
> > >> and sent the email with the rude dutch language in it to this mailing
> > >> list.
> > >> I apologize this happened. I have shutdown my pc at home so the person
> >
> > is
> >
> > >> unable to connect anymore.
> > >
> > > <quote from ISS>
> > > Internet Security Systems Security Brief
> > > May 25, 2006
> > >
> > > RealVNC Authentication Bypass
> > >
> > > Summary:
> > >
> > > During the second week of May, a RealVNC vulnerability was publicly
> > > announced.  This issue allows a remote attacker to obtain access to a
> > > vulnerable system without authentication.
> > >
> > > This week, our researchers detected active exploitation.  This
> > > exploitation
> > > indicates that attackers are connecting to vulnerable servers and
> >
> > gaining
> >
> > > unauthorized access (not simply probes for the vulnerability).
> > >
> > > Description:
> > >
> > > RealVNC Free Edition, Personal Edition, and Enterprise Edition could
> >
> > allow
> >
> > > a
> > > remote attacker to bypass authentication and gain unauthorized access
> > > to the
> > > system. This is caused by the improper validation of the client
> > > authentication method which could allow an attacker to successfully
> > > authenticate to an affected system using the null authentication
> > > method. </quote>
> > >
> > > --
> > > Larry Smith
> > > SysAd ECSIS.NET
> > > sysad (at mark) ecsis.net
> I used this document http://pigtail.net/LRP/printsrv/cygwin-sshd.html a
> while back to setup sshd on my windows machines, and I only use vnc over a
> ssh tunnel.  This eliminates all the security issues with vnc.
>
> -Adam

Very smart move.  Just about everything I do with my "boxes" is through ssh 
tunnel, and I only allow ssh to known, verified addresses once they "approve" 
the access through our office.

-- 
Larry Smith
SysAd ECSIS.NET
sysad (at mark) ecsis.net