Found 37 security holes in VNC on Linux, Windows
The researchers found a total of 37 security holes affecting four open source Virtual Network Computing (VNC) deployment solutions.
The researchers found a total of 37 security holes affecting four open source Virtual Network Computing (VNC) deployment solutions. Many of these have existed for more than 20 years, that is, from the late 20th century.
Specifically, the vulnerabilities were found in four VNC implementation solutions: LibVNC, TightVNC 1.X, TurboVNC and UltraVNC, by emergency security research team ICS CERT of Kaspersky. RealVNC - one of the extremely popular VNC solutions but not analyzed by unacceptable reverse engineering.
These VNC systems can be used on many famous operating systems, including but not limited to Windows, Linux, macOS, iOS and Android.
The deployment of VNC consists of two parts, the client and the server, allowing users to remotely access the system running the VNC server with the help of the VNC client using the RFB protocol to transmit "images." screen, data move mouse and press the "key.
More than 600,000 VNC servers are likely to be leaked
Kaspersky Lab's ICS CERT team found that more than 600,000 VNC servers can be accessed remotely via the Internet based on information collected by the Shodan search engine for Internet-connected devices - this estimate Excludes VNC servers running on local area networks.
The VNC security flaws that the team found were all due to inaccurate memory usage, with exploit attacks resulting in denial of service, glitches, as well as unauthorized access to people's information. use and execute malicious code on the target device. Many of these flaws have not been detected and fixed, even though they have existed for many years.
The full list of VNC vulnerabilities detected by the Kaspersky team is listed as follows:
LibVNC
- CVE-2018-6307
- CVE-2018-15126
- CVE-2018-15127
- CVE-2018-20019
- CVE-2018-20020
- CVE-2018-20021
- CVE-2018-20022
- CVE-2018-20023
- CVE-2018-20024
- CVE-2019-15681
TightVNC 1.X
- CVE-2019-8287
- CVE-2019-15678
- CVE-2019-15679
- CVE-2019-15680
TurboVNC
- CVE-2019-15683
UltraVNC
- CVE-2018-15361
- CVE-2019-8258
- CVE-2019-8259
- CVE-2019-8260
- CVE-2019-8261
- CVE-2019-8262
- CVE-2019-8263
- CVE-2019-8264
- CVE-2019-8265
- CVE-2019-8266
- CVE-2019-8267
- CVE-2019-8268
- CVE-2019-8269
- CVE-2019-8270
- CVE-2019-8271
- CVE-2019-8272
- CVE-2019-8273
- CVE-2019-8274
- CVE-2019-8275
- CVE-2019-8276
- CVE-2019-8277
- CVE-2019-8280
Kaspersky offers the following suggestions to prevent exploitation of these VNC security holes:
- Check if the device can connect remotely and block the connection remotely if not necessary.
- Inventory all remote access applications - not just VNC - and check to see if their versions are the latest. If you have doubts about the reliability of the application, please stop using. If you intend to continue deploying them, upgrade to the latest version.
- Protect your VNC server with a strong password. This will make the attack much harder.
- Do not connect to untrusted or untested VNC servers.
You should read it
- Some basic website security rules
- Top 10 security improvements in Windows Server 2019
- IBM embarked on FPT to distribute new network security solutions
- 4 best tips for server protection
- How to secure SSH server
- Information security test has the answer P3
- Microsoft added recovery, backup, security for Windows Server 2019
- Instructions for installing and configuring Microsoft Security Essentials
- Windows Server January Update causes Netlogon error
- The basic steps in dealing with network security issues that you need to understand
- Secure the server with Scapy - Part 1
- Learn about terminal security (endpoint security)
Maybe you are interested
Drawing Objects and Shapes in Pygame Giant pandas in Hong Kong zoo finally mate after nine years of trying, bringing hope to a threatened species 17 perfectly symmetrical masterpieces that make anyone happy 5 best SQL query optimization software to speed up MySQL The first 99 USD laptop in the world 10 qualities NEED to help you succeed