Latest VNC vulnerabilities


Post by Prisma »

Hello Rudi,

From what I heard, only viewers were affected by several vulnerabilities, not the server itself.
1. Is this correct, or were servers also affected?
2. A repeater listening on the standard viewer port for incoming reverse connections is a potential aim of people scanning for vulnerable vncviewers.
So, are we sure that the repeater is not vulnerable in the same way the viewers were?

Why am I asking?
We have 2 repeaters running on the same machine on the internet. One listening on standard ports, one not.
The repeater on standard ports was marauding, not reacting sufficiently and causing high CPU percentage. The other one not.
We use the repeater from 17/12/2017.
Re: Latest VNC vulnerabilities

Post by Rudi De Vos »

The problem was the viewer.
The server is well protected, as we always considered the server the weakest point.

If you connect a fake server with the viewer, you could use huge screen sizes and names
to overwrite memory parts.

A repeater has a data buffer.
We read max x size and send it; no risk, as we just read data, not the content, and we never read more than x.
Verifying code; thanks to Kaspersky I now know the spots to check.
UltraVNC links (join us on social networks):
- Website: https://uvnc.com/
- Forum: https://forum.uvnc.com/
- GitHub sourcecode: https://github.com/ultravnc/UltraVNC
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
- uvnc2me: https://uvnc2me.com/
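
Added example, not part of the thread and not UltraVNC code: a viewer-side check of the RFB ServerInit message (field layout per RFC 6143) that rejects oversized screen dimensions and desktop names before anything is allocated or copied, the class of problem described in the reply above. The limits `MAX_FB_DIM` and `MAX_NAME_LEN`, the struct and the function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed limits for this example; not values taken from UltraVNC. */
#define MAX_FB_DIM   16384u
#define MAX_NAME_LEN 255u
#define SI_HDR_LEN   24u  /* width(2) height(2) pixel-format(16) name-length(4) */

struct server_init {
    uint16_t width, height;
    size_t   fb_bytes;                /* width * height * bytes per pixel */
    char     name[MAX_NAME_LEN + 1];
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 on success, negative for a message that must be rejected. */
int parse_server_init(const uint8_t *buf, size_t len, struct server_init *out)
{
    if (len < SI_HDR_LEN) return -1;                /* truncated header */
    uint16_t w = be16(buf), h = be16(buf + 2);
    uint8_t bpp = buf[4];                           /* bits-per-pixel field */
    uint32_t name_len = be32(buf + 20);

    if (w == 0 || h == 0 || w > MAX_FB_DIM || h > MAX_FB_DIM) return -2;
    if (bpp != 8 && bpp != 16 && bpp != 32) return -3;
    if (name_len > MAX_NAME_LEN) return -4;         /* checked before any copy */
    if (name_len > len - SI_HDR_LEN) return -5;     /* claims more than received */

    out->width = w; out->height = h;
    /* Bounded by MAX_FB_DIM^2 * 4 = 2^30, so the product cannot wrap. */
    out->fb_bytes = (size_t)w * h * (bpp / 8u);
    memcpy(out->name, buf + SI_HDR_LEN, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* Constructed hostile message: 65535x65535 screen, name-length 0xFFFFFFFF. */
int main(void) {
    uint8_t msg[SI_HDR_LEN] = {0xFF, 0xFF, 0xFF, 0xFF, 32};
    memset(msg + 20, 0xFF, 4);
    struct server_init si;
    return parse_server_init(msg, sizeof msg, &si) == -2 ? 0 : 1;
}
```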
Re: Latest VNC vulnerabilities

Post by Prisma »

THX for the answer.
Re: Latest VNC vulnerabilities

Post by Rudi De Vos »

Updated repeater 150:

https://www.uvnc.eu/download/1230/repeater_150.zip

To be sure, replaced some functions with the secure version.

Please test.
Already running 6 hours on a test server.
Re: Latest VNC vulnerabilities

Post by Prisma »

Running since 09:00 in production environment, normally (heavily) used. No problems until now.