Adrian Umpleby wrote:
>> The next version of VNCThing (2.3) will be linked with zlib 1.1.4: should be
>> available fairly soon.
>
> Thanks for the info!
>
> (Does that mean v2.2 is potentially vulnerable?)

I doubt it - the bug involves pretty specific circumstances (and depends on the exact behaviour of the malloc/free you link to).

The Metrowerks malloc/free that VNCThing links to is a pool-based system on top of the Mac OS NewPtr/DisposePtr allocator (which map to BSD's malloc/free on X, and are the lowest level on 9). Given the extra layer, the behaviour is probably pretty different to the libc that was originally involved.

Also remember that if you were trying to exploit this on a Mac, you'd need to know PowerPC assembly - there's nothing in the VNC protocol to indicate the client platform, so a rigged/compromised server would almost certainly be trying to send x86 instructions.

No Mac clients currently support listen mode, so any attack could only be made when a client connected to a compromised server (where the attacker knew in advance that a Mac was going to be the client, and could prepare a PowerPC buffer overflow).

Obviously just updating to zlib 1.1.4 doesn't guarantee that there aren't any other potential problems - but it took less time than writing this mail. :-)

> Just curious to know if you've also figured out the problem with dragging when
> connected to an Xvnc server? (That's the only thing that's keeping me using
> VNCDimension at the moment rather than VNCThing.)

The plan is to switch to carbon events for mouse input, which will map much more cleanly onto the vnc mouse events: unfortunately I don't have access to an X11 box to test on, but if you'd like to give it a quick test before release let me know (off list).

-dair
__________________________________________________
mailto:[EMAIL PROTECTED]  http://www.webthing.net/