On Saturday 13 January 2007 16:39, Mike Miller wrote:
> On Fri, 12 Jan 2007, William Hooper wrote:
> >> What do we know about which VNC versions are vulnerable?
> >
> > Check it out using the CVE number:
> >
> > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2369
> >
> > This references the bug in version 4.1.1.
>
> Thanks! That's what I thought. This note from Red Hat is funny:
>
> Official Statement from Red Hat (8/16/2006)
> This issue only affected version 4.1.1 and not the versions distributed
> with Red Hat Enterprise Linux 2.1, 3, or 4.
>
> It is true because they are still distributing Xvnc version 4.0b4. I have
> been asking for a newer version, but they won't give it to me! The reason
> I've been asking for a newer version is that an nmap scan of port 5901 on
> the Linux server kills the Xvnc session. Our IT group likes to scan me as
> part of a security check and this provides a DoS, but this has so far come
> only from our IT group and not from outside. Madness.

Maybe their scanning is a bit too aggressive? Ask them to run nmap with a -T0 or -T1 option to slow down the packets (but the scan will take longer) and also -P0 to stop pings.

--
Regards,
Mick