VNC Vulnerability

kai4785 · #1 22nd June 2006, 03:26 PM

I searched the boards for this, and can't seem to find much discussion about the topic.

VNC v 4.1.1 has had a major vulnerability exposed:
http://security.itworld.com/nl/security_strat/05232006/
http://isc.sans.org/diary.php?storyid=1331
http://secunia.com/advisories/20107/

The basics are that a running VNC server on your :0 display is vulnerable to an attack that would allow the attacker to log into your machine's :0 display (the one you see on your desktop) with out needing the VNC password.
--Story--
I was playing World of Warcraft one day, and my mouse kept jumping to the top and bottom of the screen, and it was really annoying. So I hopped out of WoW to see if my buddy was VNC'ing to my machine. To my horror, it was an open VNC Session, but to my utter enjoyment, it was an Windows junkie on the other end. The mouse paused for a moment while he located my Firefox Icon. Opened firefox, and I kid you not, tried over 10 times to rightclick the address bar and paste something he had copied before. No doubt he knew I was watching, and that it was a virus or other malware he was going to try to sendmy browser to. I opened a terminal window an ran:
#sudo tethereal > teth.txt
It ran for a moment, and he closed the window, obviously worried that I was doing something he didn't want me to. So I opened gedit, and started a little chat with the moron. I told him he's dumb for even trying and that I have his address, phone number, and ISP information, and the cops would be on their way in a few moments. No response, and the mouse was in my control again.
I closed the port 5900 to my machine and restarted X to kick him off if he was just playing possum.
--End Story--

What I'd like to know is why it's been over a month and yum repos still have not updated to version 4.1.2?
#sudo yum list vnc
Gives me version 4.1.1-39.fc5 as installed.
Downloading the rpm from realvnc.com and running rpm -U doesn't seem to wanna work.

Code:

$ sudo rpm -U vnc-4_1_2-x86_linux.rpm
Password:
error: Failed dependencies:
        libstdc++-libc6.2-2.so.3 is needed by vnc-4.1.2-1.i386
$ ls /usr/lib/libstdc*
/usr/lib/libstdc++.so.6  /usr/lib/libstdc++.so.6.0.8

So I ran this command:
$ sudo ln -s /usr/lib/libstdc++.so.6 /usr/lib/libstdc++-libc6.2-2.so.3

And I get the same thing.
Any ideas? Can I punch somebody in the stomach to get the update pushed through, or do I just need to be patient?

Thanks

evans · #2 22nd June 2006, 04:49 PM

I set up an ssh tunneled VNC connection following the instructions at
http://www.cl.cam.ac.uk/Research/DTG...nc/sshvnc.html

Maybe it can help you? It is written for those of us who know little or nothing!

kai4785 · #3 22nd June 2006, 06:36 PM

Interestingly enough, I came to the same conclusion. I run FC5 at work, and I use this string:
ssh -L 5800:localhost:5900 homepc
In my research, I found that the -R option allows me to open an SSH Session from work that allows me to then turn around and SSH back into the office.
ssh -R 2222:localhost:22 homepc
Then combine the two, and I can open an SSH session from work to home, which allows me to then SSH Tunnel back into work, and open a VNC Session. Once I run the -R from work, I run this from home:
ssh -p 2222 -L 5800:localhost:5900

What this doesn't fix is the VNC from my Treo 650 to my home pc. That's really what I'm after. I can't run an SSH Tunnel from my Palm to my computer at home, and I am quite often in need of a speedy google search when I don't have a computer handy. So VNC from Treo to Home is nice.

jhetrick62 · #4 23rd June 2006, 01:26 AM

Even if they would update the VNC as you are suggesting, you are still sending your password to login over the net, un-encrypted. I would not login to vnc with an unencrypted password, myself.

I only login to vnc through ssh tunnel. Treo access is nice, but at what cost? I hope that you are running denyhosts or some other form of tcp-wrappers on your ssh or after they get your vnc password, they will be into your box via ssh, possibly.

Jeff

kai4785 · #5 23rd June 2006, 04:33 AM

I understand the security risks involved in the vnc sessions I open from my palm. The "Aahhh" factor from being able to VNC from my palm, and the accessability to my machine is worth the risk, IMO. I have my screen locked with my user password, so they'd need that password as well. Last of all, I don't have any sensitive material, or irreplacable data. I do that on purpose.

So I appreciate the warning, and I'm glad that it's in the thread for those doing research and need the warning, but I'm really just a gamer with little to loose from a hacked machine (especially when it's a Windows Moron that could barely open firefox, I mean, come on!)

But back to the topic, is there any suggestion box for our FC5 yum repository guys? Anybody's door I can knock on, or email I can send to? I'm really not up a creek with out VNC'ing from my palm, but if I get in a situation later where I'd really like to push an issue, it'd be a nice resource to have.