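Vulnerability Details
RealVNC VNC Server Authorization Issue Vulnerability
- CNNVD ID: CNNVD-200605-290
- Severity: High
- CVE ID: CVE-2006-2369
- Vulnerability type: Authorization issue
- Published: 2006-05-15
- Threat type: Remote
- Updated: 2022-05-16
- Vendor: vnc
- Vulnerability source: James Evans iamjam...
Vulnerability Summary
RealVNC VNC Server is the VNC server of a remote access software product from RealVNC, a UK company.
RealVNC VNC Server has an authorization issue vulnerability. The RFB (Remote Frame Buffer) protocol it uses lets the client and the server negotiate a suitable authentication method, and the implementation of the protocol contains a design error, so a remote attacker can bypass authentication and access the server without a password.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download link: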
http://www.realvnc.com/download.HTML
Reference URLs
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/434560/100/0/threaded
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2006/2492
Source: OSVDB
Link: http://www.osvdb.org/25479
Source: FULLDISC
Link: http://marc.info/?l=full-disclosure&m=114768344111131&w=2
Source: CONFIRM
Link: http://www.realvnc.com/products/free/4.1/release-notes.HTML
Source: MLIST
Link: http://marc.info/?l=vnc-list&m=114755444130188&w=2
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/434117/100/0/threaded
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2006/1821
Source: MISC
Link: http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.HTML
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/438175/100/0/threaded
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2006/1790
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/438368/100/0/threaded
Source: SECUNIA
Link: http://secunia.com/advisories/20109
Source: SECUNIA
Link: http://secunia.com/advisories/20107
Source: SECUNIA
Link: http://secunia.com/advisories/20789
Source: SREASON
Link: http://securityreason.com/securityalert/8355
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/433994/100/0/threaded
Source: MISC
Link: http://www.intelliadmin.com/blog/2006/05/security-flaw-in-realvnc-411.HTML
Source: BID
Link: https://www.securityfocus.com/bid/17978
Source: CERT-VN
Link: http://www.kb.cert.org/vuls/id/117929
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/434518/100/0/threaded
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/26445
Source: CISCO
Link: http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.sHTML
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/434015/100/0/threaded
Source: FULLDISC
Link: http://seclists.org/fulldisclosure/2022/May/29
Source: SECTRACK
Link: http://securitytracker.com/id?1016083
Affected Entities
- Vnc Realvnc:4.1.1
Patches
- Fix for the RealVNC VNC Server authorization issue vulnerability