This is making a lot of news since it was showed to M$ recently. However, I can't find where UltraVNC was tested. Does anyone know if it has been tested and if it passes or not?
http://www.google.com/search?q=VNC+injection+exploit
http://news.yahoo.com/news?tmpl=story&c ... s_nf/36563
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Is UltraVNC safe from the VNC Injection Exploit?
-
- 8
- Posts: 9
- Joined: 2005-06-20 03:10
Well, then maybe someone can explain how my system was taken over last night. After going through all of the logs, I see a VNC connection from belgium and then some software was installed. Fortunately for me, the guy disabled the VNC service and my machine rebooted. Upon reboot, zonealarm (which was off) came up and blocked everything
see e.g. http://www.metasploit.com/projects/Fram ... ode52.html
In your case it seems that some virus, trojan, etc. took over the system and installed a "customized" VNC server.
This is not related to UltraVNC.
In your case it seems that some virus, trojan, etc. took over the system and installed a "customized" VNC server.
This is not related to UltraVNC.
It certainly wasn't a virus/trojan. It was a person who was able to access my computer via UltraVNC 1.0. My computer is XP SP2 patched 100% and NOD32 was running and updated. I'm a CISSP so I have a pretty good grasp on what has happened, and it wasn't a virus.
Would there be any logs (failure or otherwise) anywhere in maybe the event log that would log a brute force attack?
I have an event log of an IP in belgium logging into VNC. (It's in the event) My account was logged in with the machine locked. The Administrator user (not my user) was used to install several applications. I managed to find a .RAR file with a lot of hacking files in it and WINRAR install program on my PC that weren't there before.
Would there be any logs (failure or otherwise) anywhere in maybe the event log that would log a brute force attack?
I have an event log of an IP in belgium logging into VNC. (It's in the event) My account was logged in with the machine locked. The Administrator user (not my user) was used to install several applications. I managed to find a .RAR file with a lot of hacking files in it and WINRAR install program on my PC that weren't there before.
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Sorry for your problem
7 chars paasword is considered as week but I don t think it was a brute force attackm cause theres a temporization and protection against this kind of attack in all VNC flavors,
Possibilities:
- Your password is easy to guess : by *friends* or collegues ?
- Your password was sniffed using an spyware or a virus or a VNC password cracker
- You werent attacked using a winvnc server
- It was a *man in the middle* kind of attack: do you connect from a LAN (work ?) at home ? In this case it is very easy for someone on your LAN that has a modified WinVNC + a sniffer to use this trick.
Suggestion: use the UltraVNC dsmplugin and/or MSLogon
7 chars paasword is considered as week but I don t think it was a brute force attackm cause theres a temporization and protection against this kind of attack in all VNC flavors,
Possibilities:
- Your password is easy to guess : by *friends* or collegues ?
- Your password was sniffed using an spyware or a virus or a VNC password cracker
- You werent attacked using a winvnc server
- It was a *man in the middle* kind of attack: do you connect from a LAN (work ?) at home ? In this case it is very easy for someone on your LAN that has a modified WinVNC + a sniffer to use this trick.
Suggestion: use the UltraVNC dsmplugin and/or MSLogon
UltraSam
I though I would chime in here and relate what happened to me last week. On July 12th, someone tried to brute force their way onto one of my remote servers. I noticed because my application event log was full (Windows 2000 Server). Anyway, for over 11 hours, an average of three attempts per minute was made, all failing. I do not employ encryption or MSLogon, but my password is a jumble of letters with varying capitalization, numbers, and symbols. Fortunately, that password saved us from having someone gain control of our backup data server, which has a copy of ALL of our company data. Whew.
Subsequently, I have disabled all Internet port fowarding and only connect to remote machines through VPN tunnels.
Subsequently, I have disabled all Internet port fowarding and only connect to remote machines through VPN tunnels.
Michael