Andrzej,
The first and second patches have been applied in the TightVNC 1.2.3
source. I do not know about the 3.3.3r9 source, but that is probably the
correct answer. There are some DNS overflows that are still possible,
but the Securiteam issues have been fixed.
Thanks,
Andrew
-Original Messag
If no alternative can be found, can someone who runs the VNC list please
contact me - I *can* find a home for the list. But I'd prefer to see
what the team has in mind first. :-)
Personally, if I were AT&T ORL, if they really do have a trademark on
VNC, I'd be chasing down the vnc.com, vnc.org an
EMAIL PROTECTED]] On Behalf Of Jean LECLERCQ
Sent: Friday, 5 April 2002 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Password change
- Original Message -
From: "Andrew van der Stock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 05, 2002 10:15 AM
S
This is the default (HKLM) vs user (HKCU) behavior. You need to go in
with the registry editor and make the HKLM password key the same as your
HKCU password key.
I'm working on a better UI for tight vnc that corrects this problem.
Andrew
-Original Message-
From: [EMAIL PROTECTED]
[mai
What version of make are you running? Do you have gmake? Irix 6.5.0 is
pretty old and needs a bit of an upgrade. What does uname -a give?
Hopefully you're using Irix 6.5.14 or .15.
http://support.sgi.com/colls/patches/tools/relstream/index.html
Also, if you have gmake 3.7.5 or later (latest is
Hi all,
The advisory is looking pretty solid, and I'll be posting it in some 24
hours from now to Bugtraq. Please check out the release candidate for
any last minute errors, omissions etc.
Changes since last draft:
* includes TightVNC 1.2.3 information and changes Const suggested
http://www.evi
http://www.evilsecurity.com/vnc/vnc-zlib-advisory-02.htm
If you have any comments, updates, etc, please mail me as soon as
possible - I'll be posting this to bugtraq at first thing Tuesday UTC
(10 am my time).
Thanks,
Andrew
Visual Studio .NET C++ Standard Edition in a retail box. :-)
This means I can finally distribute binaries (and the permissible
redistributables) for the stuff I've been playing with.
I'm currently learning about managed C++ applications. Excellent stuff.
It should be possible to port VNC View
TS access in administrative mode is actually governed by ACLs which you
can adjust in the TS configuration snap-in, and via group policy.
The security of the solution is better than the VNC solution, as the TS
solution will only let you log in as yourself, and only grant access to
disconnected de
Nick,
I think as it stands today (and unless a patch is forthcoming pretty
quickly), VNC fails your business requirements for the time being.
Use ConnectPriority=2 on the *server*. However, there's an outstanding
bug that allows VNC clients to come in as "shared", and view this
connection but no
It might be traditional, but it's a dog's breakfast when it comes to
choking it through firewalls.
It's also fairly wasteful of scarce resources on busy servers.
Andrew
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Scott "The Axe"
O'Bryan
Sent: Wedn
It is amazing people read Slashdot at all, what with their up to the
year coverage of old news, finger definitely on the corpse's pulse.
We had this discussion in December 2001. Certainly keep up with the
times.
Andrew
PS. In the ActiveX control:
100321D0: 17 52 6B 06 23 4E 58 07 43 6F 75 6C 64 20 6E 6F .Rk.#NX.Could no
100321E0: 74 20 66 69 6E 64 20 6F 72 20 69 6E 69 74 69 61 t find or initia
100321F0: 6C 69 7A 65 20 63 6F 6D 70 61 74 69 62 6C 65 20 lize compatible
10032200: 7A 6C 69 62 20 70 6C 75 67 69 6
Alex,
Alex K. Angelopoulos [[EMAIL PROTECTED]] wrote:
> Is there a way I can tell externally whether a VNC implementation
> allows ZLib compression?
If you have Visual Studio, use dumpbin.exe to find out (works on DLLs
and OCXs just fine):
C:\home\ajv\My Projects\vnc_winsrc\winvnc\Debug>dumpbin
You do have to authenticate against the server or hijack the session
(hard on most platforms today with good random ISS generation, but not
95 or 98 or NT < ~4.0 SP4)... and the RFB protocol doesn't allow mutual
authentication, so it's no greater risk than before. The MITM stuff has
been present s
Yep - only the client should be affected by this, and we do not suffer
at all from the other gzip vulnerability (long filenames > 1028
characters).
The prerequisites required to allow this exploit are:
* the server must be capable of using zlib for encoding
* you must logon and authenticate to t
Depends on your malloc() implementation. The thing that causes the bug
to appear is an input stream constructed *just* *so*, and that *is*
platform independent as the inflate input stream is the same regardless
of platform. Bad things happen when malloc()/free() from libc is also
faulty or fails i
Done.
Andrew
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jonathan Morton
Sent: Thursday, 14 March 2002 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: VNC zlib Advisory draft 1
> Product: ChromiVNC
ChromiVNC does not yet implement the Zl
An up-to-date PGP signed copy of this release will be maintained at
XXX: To be advised.
Copyright 2002, Andrew van der Stock et al. All Rights Reserved.
GPO's are applied like this:
Machine boots
* local registry made available to the system fairly early on (parts are
available (HKLM\System) or created (HKLM\Hardware) in the DOS-mode
portion of the boot process)
All the devices and services start, GUI fires up, and soon (on Win2k)
you'll see a
Alex,
I developed the ADM file I sent you under Windows XP. I'm fairly sure
that with a bit of testing, we can get some comfort levels with the ADM
file under Group Policy in Win2k and XP.
I had no idea that the ADM file format was static enough that NT 4.0 was
able to use the stuff that I work
Marko,
I downloaded the WinCE .NET emulator, and I am installing it now. This
is a pretty damn sexy install - it even comes with the WinCE 4.0
"shared" source code.
I'm pretty sure I can recompile the WinCE VNC viewer, but... as you run
WinCE 3.0, it may not work, but I don't have access to the
The GX1 is an x86-compatible processor. Get someone who has the WinCE SDK
to compile a version for the WinCE simulator and release that. It should
work unmodified on the webpad.
The simulator is very funky - it thunks the Win32 calls from WinCE apps
to the real system and the processor just happe
I wasn't really aiming at making a .NET framework conversion - the
WinVNC source is not written in MFC, so there's only a minor amount of
benefit to adding in .NET at this stage.
Also, going to .NET would probably mean ditching Win9X. I personally
don't care - it's a dead end, but many on here w
> *** STOP: 0x00D1 (0x0006,0x0002,0x,0x0006)
> DRIVER_IRQL_NOT_LESS_OR_EQUAL
These are the rarest of all blue screens. Can you also supply a list of
all your devices, and the driver version you're using? Are many devices
sharing the same interrupt? Are you running the lat
In the DDK, you can get the HCL test suite for video drivers. If you
pass this suite, you're sweet. Given enough perseverance and a few
changes to the way WinVNC implements things, you can get the "Designed
for Windows" logo.
http://www.microsoft.com/hwdev/driver/default.asp
The driver verifier
Are you thinking of exposing VNC to COM+ automation?
Please say yes! :-)
I knew that shiny new ATL Project wizard in VS.Net was going to be
useful for something.
Andrew
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Alex
Angelopoulos
Sent: Thursday
Alex,
Group policy and make the product deployable using assigned software
policies.
This is how you can truly reduce the amount of time and angst of dealing
with VNC in a domain environment. I cannot stress this enough. By using
Group Policy, you can eliminate about 99% of the work of deploying
Mike,
Check out the Foundstone guys, and in particular the guys who wrote the
particularly poorly titled "Hacking Exposed". In the book, they discuss
in detail all the ins and outs of remote control technology for a
variety of products from pcAnywhere to Terminal Services, including a
decent set
It's not the way VNC hooks itself to the video driver, it's the way VNC
responds to the Service Control Manager's SERVICE_CONTROL_SHUTDOWN
message - in that we don't. VNC (correctly) dies as soon as the service
shutdown message is given. But there's a difference between stopping and
shutting down,
It was me. Look for my name when looking for the details.
The trick is that we need to let the SCM know that we are shutting down
(STOP_PENDING), and simply ignore that. The SCM will kill us as the last
thing it does. The VNC SC handler must be cognizant of the state of the
machine - we don't wa
Buffer overflows are everyone's problem, and not limited to just
Microsoft. The problem is that under Windows 2000, VNC runs as
LOCALSYSTEM, sort of equivalent to the Unix "root" account, except that
LOCALSYSTEM is more privileged than "Administrator" and less useful as
it can't directly use SMB n
In the fictitious RFB 4.0 that I'm working on:
http://www.evilsecurity.com/vnc/
message length and smaller packets are both there. Sometime soon, I'll
rev the protocol draft to include an excellent suggestion to use secsh
as the transport, and use RFB on top of that.
Andrew
-Original Mess
EMAIL PROTECTED]
Subject: Re: Draft 3 of the RFB 4.0 protocol
Andrew, will there be a feature that will allow the server to drop its
connection after a specified time of no activity?
--
Sam Andronico
Broadcast Services
Tel. (416) 215-5750
Fax (416) 861-1824
Andrew van der Stock wrote
(This will be the second last announcement to the main VNC list - if you
want to continue discussions on the VNC protocol, please join the
rfbhackers mailing list by visiting:
http://lists.sourceforge.net/mailman/listinfo/securevnc-rfbhackers
)
After much work today, I've filled in a great deal o
Hi there,
I've just added a new mail list to the SecureVNC sourceforge project as
it's the easiest way for me to get a low-admin mail list configured. If
the list doesn't exist just yet, hang in there - it will exist in less
than 24 hours.
[EMAIL PROTECTED]
To subscribe, visit:
http://lists.s
Dave,
Do you make it harder for the NT users to retrieve or set the password
key from the registry? The password key should be System:FullControl,
Administrators:Full Control (and that's it).
Lots of boxes do not have local or remote registry permissions, allowing
VNC to be hijacked from the lo
My efforts are for *all* of the VNC projects.
It's somewhere for all projects to go, and to be able to leverage the
great stuff many of them have done (scaling, better encoders, etc) and
make it available to all, whilst documenting and normalizing the
protocol, and getting the intractable securit
I mention scaling in the introduction of the document. Just not directly
implemented into the draft as yet. I hope that server-side scaling, once
implemented in the draft protocol, will allow more widespread adoption of
this handy feature. Antialiasing could be done by the server, but I think
that
of extension
> mechanism.
> What ever you need you got my help.
>
> Regards,
> - Shay;
>
>
>
> -Original Message-
> From: Andrew van der Stock [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 14, 2002 1:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re:
Yes - the protocol document is designed to fully and comprehensively
document all currently used popular extensions (Palm scaling, tight
encoding, gzip stuff, etc) and try to make a simpler protocol that all
servers and clients can use. As I own platforms that are 32 bit LE, 64 bit
LE, and embedd
Illtud,
I work on the win32 platform, and it is my preferred development environment. I
also have a NetBSD/alpha box, a RH 7.2 box, and a Palm m100. The easiest way
for me to do quick hack work is in Visual Studio .Net, but it's fairly
irrelevant at the time being - the document must be finished and
I've been working for some time on VNC 4.0 (or something). The documentation
for this is at:
http://www.evilsecurity.com/vnc/
Major features of 4.0:
* Backwards compatible for authentication, so no new tcp ports required
* "Channels" - sound, file transfers, local printers, clipboard, etc out o
NDOWS\MEMORY.DMP.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
I have a 256 MB dump from the above for anyone who wishes to have a go
at diagnosing it. You will need the XP 2600 symbols (which are on the XP
cdrom) to make a good go of it.
Thanks,
There is no difference since NT 4.0 days between Win-R (Start->Run),
cmd.exe and short cuts in Explorer. IE 4.0 made things even more
blurred.
The 16 bit DOS interpreter, command.com should not be used. It's not
present in Windows XP 64 bit edition for example (thank god).
Andrew
-Original
I think I know what you want to do. The trick is that the port number is
internally represented as a signed 32 bit number, so it can be represented in
a two's complement manner. Change the port number to the equivalent
large decimal number.
-5879 is E909 which is 4294961417
Andrew
-Origina
Bader,
This is bad. The problem for you is that the registry permissions are
too weak as well as the ability for any joe bloggs to decode the
password. Did you know that you only need WinVNC's own source code and a
compiler to reverse the password? Additionally, with a copy of WinVNC
server, it i
If people stuck to doing things exactly as described in MSDN, there
wouldn't be problems when MS upgrade the OS. It's been my experience
over the last 7 or 8 years that well written programs rarely, if ever,
break. The problem is that too many programs are not written well.
Things that you do ex
The main reason that you might have a failure is if the Terminal Server
extensions are also installed. TermSrv completely changes the way the NT
console (the primary Windows "station") is handled.
As soon as we work out how to co-exist or leverage the TermSrv stuff
(some of it is very nice), thes
a stand-alone
> configuration utility? Even editing a flat configuration file would
> be easier than having to dive into Microsoft's hellish registry
> structure. ;)
>
> -Original Message-
> From: Andrew van der Stock [mailto:[EMAIL PROTECTED]]
> Sent: Monday
There are problems with the review, but we should take the valid
criticisms on board.
Documentation could be improved, particularly for first time users.
Dialog boxes could be better from a purist HCI point of view
Security can be made easier (particularly the hidden AuthHost stuff)
Localization
k the result (me
bad!).
Andrew
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tim Waugh
Sent: Tuesday, 4 September 2001 18:34
To: Andrew van der Stock
Cc: [EMAIL PROTECTED]
Subject: Re: [patch] make vncpasswd create ~/.vnc if it doesn't exist
On Tue, S
NO! NO! NO! NO!*
Do not EVER trust the environment, particularly when using sprintf() with
bounded arrays! This is how we got into all that locale, xmcd, kerberos,
dtmail (and so on... the list is endless) bother.
Create the directory securely, and test for its existence before you go out
and cr
Dead Rat 7.1 uses xinetd, and you can find templates for the other services
in /etc/xinetd.d (from memory). Each service has a file in there, and you
will want to copy one of those for VNC and change the line for "disable" to
"enable", and kill -HUP xinetd.
xinetd is supposedly better and you can
Hi there,
I'm using Windows XP, and am wondering if anyone else is having fun trying
to make VNC work with it. VNC works, but as soon as I do a fast user switch,
the server doesn't seem to be happy.
I'm reasonably certain the problem relates to the TermSrv stuff built into
all XP boxes (even hom
Yan, that wasn't what the dude asked for. It's not MS FUD or a troll. The
question is simple and the answers are as varied as everyone on this list.
Being rude or disdainful of a person's platform is extremely
counterproductive and causes a ghetto gap between platforms, and will
further marginalis
You can also use an IPsec policy if both machines are Windows 2000 or later
(but not on XP Home) or the OS supports IPsec (like NetBSD or any of those
using Kame's IPsec). I believe Linux might have a working IPsec
implementation, but the last time I looked at Free S/WAN, it had real
interoperabil
The GPL license allows you to sell VNC, with a caveat or three:
http://www.fsf.org/licenses/gpl-faq.html#TOCDoesTheGPLAllowMoney
You need to provide a method for your users to download the source _they_
use (ie, it's not good enough to provide the standard applet if you've
modified it). For exam
Hi there,
I'd certainly like to be included in your version 5.0 protocol. Everything
should be backward compatible, ie a 3.0 client should be able to
authenticate to a 5.0 server, as long as the 5.0 server allows it.
The main reason I chose to increment the rev by a whole number is simply
be
.net
>
>
> > -----Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Tristan
> > Richardson
> > Sent: Monday, July 16, 2001 11:58 AM
> > To: Andrew van der Stock; [EMAIL PROTECTED]
> > Subject: Re: RFB Protocol 4
Good idea, if that's not already in ORL's 4.0 doco. I'll add it to the
gestalt stuff that I've already written up.
I'm going to plonk the draft of v5.0 on http://www.evilsecurity.com/vnc/ as
soon as I've passed it around a few key people. Again, I'm volunteering to
co-ordinate and document all cu
Hi there,
I'm working on a revision to the RFB protocol for authentication and a few
other things. I'd like to see all the other encodings documented, including
the Tridia ones. If you have information on these other encodings or
corrections to the current ones, and would like to see them fully
d
No - it's a challenge/response, and normally this is good enough for most
internal networks. I'm sure the people working on the initial go of RFB auth
#2 were probably thinking it was secure, but getting crypto stuff right is
Hard(tm).
The problem is the passwords are stored at the server end, wit
Would audible beeping every five seconds plus a non-modal systray balloon be
more helpful? At night it doesn't matter if there's beeping. Establishing a
feature like time of day exclusions is a relatively major effort.
Andrew
- Original Message -
From: "DTT.De.Grave.Johan" <[EMAIL PROTECT
No.
VNC client to/from server traffic is not encrypted and can be intercepted
and replayed. VNC has very weak authentication (it's reversible), and the NT
4.0 registry permissions are atrocious. VNC uses well known ports. It
doesn't log adequately. It is not possible to determine who is using the
If they are attending uni, they are not kids. In most countries people
eligible to attend uni can drive, vote, buy and consume alcohol. Why treat
them as kids? In fact, I'd be unhappy if actual "kids" were treated in this
stasi-like fashion as well.
There are non-technical solutions to this issu
In past projects, where C has been used, we've gone for C++ like constructs:
globals are prefixed such as
gLog
g_log
And struct elements are done like:
mLog
m_log
And local (stack) variables are done like:
lVar
l_var
I'd suggest reading Code C
On Thursday 25 January 2001 02:44, you wrote:
[snip]
> As for the randomosity argument, this may be fixable on UNIX systems but
> not on conventional desktop systems (Mac, Windows). Any ideas on how to
> deal with the problem on systems without any true entropy gathering? If
> there is a sensib
I have an old fix for this on my Win2K box from the time it was last brought
up on BugTraq (search the VNC archives for that discussion). I never really
got around to sending the patch around because this list has a MIME stripper
and I lost interest there for a while.
The fix is simple:
I did an
Most of the default X clients are able to compile and run and can be
displayed locally and remotely on X servers including Saddiq's (et al) beta
quality Win32 X server (which is a direct port of XFree86) included in
XFree86 4.0.2.
The page you're looking for is here:
http://cygwin.com/xfree/
There are two ways to do the fix, one is to change the current
::RegCreateKey() to ::RegCreateKeyEx(), which contains the additional
security thing, which is the meat of my previous effort.
Or as I saw your point about too tight permissions, I have been working on
finding out if we are running on
If you are concerned about data between devices, you need to use a transport
layer encryption mechanism, like IPsec, ssh or similar. With compression,
the data at least becomes obscured, but things like Ethereal can reassemble
streams if they have a plug-in developed for the purpose.
Andrew
It hasn't been addressed in either the original or tridia releases as far as
I am aware.
I have a little addendum that I have tested on my Win2K box that resets the
permissions upon server/service start, I should really get around to
contributing that code for WinVNC. I no longer have NT 4.0 arou