37 vulnerabilities in various VNC implementations

Pavel Cheremushkin from Kaspersky Lab analyzed various implementations of the remote access system VNC (Virtual Network Computing) and identified 37 vulnerabilities caused by memory problems. Vulnerabilities identified in VNC server implementations can only be exploited by an authenticated user, while attacks on vulnerabilities in client code are possible when a user connects to a server controlled by an attacker.

The largest number of vulnerabilities was found in the UltraVNC package, which is available only for the Windows platform. A total of 22 vulnerabilities have been identified in UltraVNC: 13 could potentially lead to code execution on the system, 5 to memory leaks, and 4 to denial of service.
The vulnerabilities are fixed in release 1.2.3.0.

In the open library LibVNC (LibVNCServer and LibVNCClient), which is used in VirtualBox, 10 vulnerabilities have been identified.
5 vulnerabilities (CVE-2018-20020, CVE-2018-20019, CVE-2018-15127, CVE-2018-15126, CVE-2018-6307) are caused by buffer overflows and can potentially lead to code execution. 3 vulnerabilities can lead to information leakage, and 2 to denial of service.
The developers have already fixed all of the problems, but so far the changes are present only in the master branch.

In TightVNC (the cross-platform legacy branch 1.3 was tested, since the current version 2.x is released only for Windows), 4 vulnerabilities were found. Three problems (CVE-2019-15679, CVE-2019-15678, CVE-2019-8287) are caused by buffer overflows in the InitialiseRFBConnection, rfbServerCutText, and HandleCoRREBBP functions, and could potentially lead to code execution. One problem (CVE-2019-15680) results in a denial of service. Even though the developers of TightVNC were notified about the problems last year, the vulnerabilities remain unpatched.

In the cross-platform TurboVNC package (a fork of TightVNC 1.3 that uses the libjpeg-turbo library), only one vulnerability was found (CVE-2019-15683), but it is dangerous: with authenticated access to the server, it allows code execution, because the buffer overflow makes it possible to control the return address. The problem was fixed on August 23 and does not appear in the current release 2.2.3.

Source: opennet.ru
