Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

November 23, 2019
in Internet Privacy
Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system.

VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to remotely control another computer, similar to Microsoft’s RDP service.

You might also like

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

The implementation of the VNC system includes a “server component,” which runs on the computer sharing its desktop, and a “client component,” which runs on the computer that will access the shared desktop.

In other words, VNC allows you to use your mouse and keyboard to work on a remote computer as if you are sitting in front of it.

There are numerous VNC applications, both free and commercial, compatible with widely used operating systems like Linux, macOS, Windows, and Android.

Considering that there are currently over 600,000 VNC servers accessible remotely over the Internet and nearly 32% of which are connected to industrial automation systems, cybersecurity researchers at Kaspersky audited four widely used open source implementation of VNC, including:

  • LibVNC
  • UltraVNC
  • TightVNC 1.x
  • TurboVNC

After analyzing these VNC software, researchers found a total of 37 new memory corruption vulnerabilities in client and server software: 22 of which were found in UltraVNC, 10 in LibVNC, 4 in TightVNC, just 1 in TurboVNC.

“All of the bugs are linked to incorrect memory usage. Exploiting them leads only to malfunctions and denial of service — a relatively favorable outcome,” Kaspersky says. “In more serious cases, attackers can gain unauthorized access to information on the device or release malware into the victim’s system.

Some of the discovered security vulnerabilities can also lead to remote code execution (RCE) attacks, meaning an attacker could exploit these flaws to run arbitrary code on the targeted system and gain control over it.

Since the client-side app receives more data and contains data decoding components where developers often make errors while programming, most of the vulnerabilities affect the client-side version of these software.

Web Application Firewall

On the other hand, the server-side relatively contains a small code base with almost no complex functionality, which reduces the chances of memory-corruption vulnerabilities.

However, the team discovered some exploitable server-side bugs, including a stack buffer overflow flaw in the TurboVNC server that makes it possible to achieve remote code execution on the server.

But, exploiting this flaw requires authentication credentials to connect to the VNC server or control over the client before the connection is established.

Therefore, as a safeguard against attacks exploiting server-side vulnerabilities, clients are recommended not to connect to untrusted or untested VNC servers, and administrators are required to protect their VNC servers with a unique, strong password.

Kaspersky reported the vulnerabilities to the affected developers, all of which have issued patches for their supported products, except TightVNC 1.x that is no longer supported by its creators. So, users are recommended to switch to version 2.x.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

Crypto Black Friday Blowout Comes Early, But Who’s Buying ETH, XRP, and LTC?

Next Post

Extensive hacking operation discovered in Kazakhstan

Related Posts

22-Year-Old Charged With Hacking Water System and Endangering Lives
Internet Privacy

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

April 16, 2021
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Internet Privacy

YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs

April 16, 2021
US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
Internet Privacy

US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack

April 16, 2021
More Sophisticated, Prevalent and Evolving in 2021
Internet Privacy

More Sophisticated, Prevalent and Evolving in 2021

April 16, 2021
1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
Internet Privacy

1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them

April 15, 2021
Next Post
Extensive hacking operation discovered in Kazakhstan

Extensive hacking operation discovered in Kazakhstan

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Cyberattack on UK university knocks out online learning, Teams and Zoom
Internet Security

Cyberattack on UK university knocks out online learning, Teams and Zoom

April 17, 2021
SBI Sumishin Net Bank partners with DLT Labs on supply chain financing network
Blockchain

SBI Sumishin Net Bank partners with DLT Labs on supply chain financing network

April 16, 2021
Machine learning approach identifies more than 400 genes tied to schizophrenia
Machine Learning

Machine learning models may predict criminal offenses related to psychiatric disorders

April 16, 2021
Templates Vs Machine Learning OCR | by Infrrd | Mar, 2021
Neural Networks

Templates Vs Machine Learning OCR | by Infrrd | Mar, 2021

April 16, 2021
How you handle email replies matters for great customer experiences
Digital Marketing

How you handle email replies matters for great customer experiences

April 16, 2021
Google backs new security standard for smartphone VPN apps
Internet Security

Google backs new security standard for smartphone VPN apps

April 16, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Cyberattack on UK university knocks out online learning, Teams and Zoom April 17, 2021
  • SBI Sumishin Net Bank partners with DLT Labs on supply chain financing network April 16, 2021
  • Machine learning models may predict criminal offenses related to psychiatric disorders April 16, 2021
  • Templates Vs Machine Learning OCR | by Infrrd | Mar, 2021 April 16, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates