Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

RDP Loves Company: Kaspersky Finds 37 Security Holes in VNC Remote Desktop Software

posted by Fnord666 on Saturday November 23 2019, @11:17AM   Printer-friendly
from the it's-checkers-all-the-way-down dept.

martyb writes:

RDP Loves Company: Kaspersky Finds 37 Security Holes in VNC Remote Desktop Software:

This is all according to [PDF] a team at Kaspersky Lab, which has uncovered and reported more than three dozen CVE-listed security holes, some allowing for remote code execution.

VNC, or Virtual Network Computing, is an open protocol used to remotely access and administer systems. Much like with the BlueKeep flaw in Microsoft's RDP service, miscreants can exploit these holes in VNC to potentially commandeer internet or network-facing computers.

Kaspersky says that, based on its best estimates from Shodan searches, about 600,000 public-facing machines offer VNC access as do around a third of industrial control devices.

"According to our estimates, [more] ICS vendors implement remote administration tools for their products based on VNC rather than any other system," said Kaspersky researcher Pavel Cheremushkin earlier today. "This made an analysis of VNC security a high-priority task for us."

[...] The investigation kicked up a total of 37 CVE-listed memory corruption flaws: 10 in LibVNC, four in TightVNC, one in TurboVNC, and 22 in UltraVNC. All have now been patched, save for the bugs in TightVNC 1.x which were present in a no-longer supported version: you should be using version 2.x anyway.

[...] Admins can protect themselves from RDP and VNC exploitation by updating their software (or migrating off, in the case of TightVNC) and using network filters to lock down access.

Who's in control?

Original Submission

 
This discussion has been archived. No new comments can be posted.
RDP Loves Company: Kaspersky Finds 37 Security Holes in VNC Remote Desktop Software | Log In/Create an Account | Top | 11 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Saturday November 23 2019, @03:51PM (1 child)

    by Anonymous Coward on Saturday November 23 2019, @03:51PM (#923849)

    I use it in development to connect to a chroot. Piece of shit can't be configured to listen on localhost only, you have to separately firewall the public port. Also does 6 character passwords only for some alleged backward compatibility reason.

    I should just install from source and patch out the idiocy.

  • (Score: 4, Informative) by JoeMerchant on Saturday November 23 2019, @08:25PM

    by JoeMerchant (3937) on Saturday November 23 2019, @08:25PM (#923945)

    you have to separately firewall the public port.

    By design - ease of use vs security is a tradeoff. The most secure system is one with no access at all.

    I should just install from source and patch out the idiocy.

    Go for it, that's what open source is great for. As a practical matter, most people don't bother due to having to maintain both sides of the connection.

    The power of VNC is that it's cross platform, standard, and most implementations are pretty reliable.

    The weakness of VNC is that most people who implement a VNC server don't bother making their users jump through security hoops (myself included at the moment...) Good, solid security is available for VNC and any other client-server protocol via tunneling. Set yourselves up a secure tunnel (hundreds of flavors are available to choose from) and VNC securely all day and night.

    --
    🌻🌻 [google.com]