37 vulnerabilities in various VNC implementations

Pavel Cheremushkin of Kaspersky Lab analyzed various implementations of the VNC (Virtual Network Computing) remote access system and identified 37 vulnerabilities caused by problems in working with memory. Vulnerabilities identified in VNC server implementations can be exploited by an authenticated user, while attacks on vulnerabilities in client code are possible when a user connects to a server controlled by an attacker.

The largest number of vulnerabilities was found in the UltraVNC package, which is available only for the Windows platform. A total of 22 vulnerabilities were identified in UltraVNC. 13 vulnerabilities could potentially lead to code execution on the system, 5 to memory leaks, and 4 to denial of service.
The vulnerabilities are fixed in release 1.2.3.0.

In the open LibVNC library (LibVNCServer and LibVNCClient), which is used in VirtualBox, 10 vulnerabilities were identified.
5 vulnerabilities (CVE-2018-20020, CVE-2018-20019, CVE-2018-15127, CVE-2018-15126, CVE-2018-6307) are caused by buffer overflows and can lead to code execution. 3 vulnerabilities can lead to information leaks, and 2 to denial of service.
All of the problems have already been fixed by the developers, but the changes are still reflected only in the master branch.

In TightVNC (the cross-platform legacy branch 1.3 was tested, since the current version 2.x is released only for Windows), 4 vulnerabilities were found. Three problems (CVE-2019-15679, CVE-2019-15678, CVE-2019-8287) are caused by buffer overflows in the InitialiseRFBConnection, rfbServerCutText, and HandleCoRREBBP functions and can lead to code execution. One problem (CVE-2019-15680) leads to denial of service. Although the TightVNC developers were notified of the problems last year, the vulnerabilities remain unfixed.
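The page names rfbServerCutText among the affected functions but does not describe the defect itself. As an added example (not code from TightVNC or any other project listed here), this shows the kind of bounds check a client needs when a server it does not control sends an RFB ServerCutText message, whose 32-bit length field is chosen by the sender; the function name `parse_server_cut_text` and the 1 MiB `MAX_CUT_TEXT` cap are assumptions of the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define RFB_SERVER_CUT_TEXT 3      /* message-type, RFC 6143 section 7.6.4 */
#define MAX_CUT_TEXT (1u << 20)    /* assumed policy cap for this example: 1 MiB */

enum cut_status { CUT_OK = 0, CUT_TRUNCATED, CUT_BAD_TYPE, CUT_TOO_LARGE, CUT_NOMEM };

/* Parse one ServerCutText message held in msg[0..msg_len).
 * Layout: type(1) padding(3) length(4, big-endian) text(length).
 * On CUT_OK, *out is a malloc'd NUL-terminated copy and *out_len its length. */
enum cut_status parse_server_cut_text(const uint8_t *msg, size_t msg_len,
                                      char **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (msg_len < 8)
        return CUT_TRUNCATED;
    if (msg[0] != RFB_SERVER_CUT_TEXT)
        return CUT_BAD_TYPE;

    /* The length is sender-controlled, so treat it as untrusted input. */
    uint32_t len = ((uint32_t)msg[4] << 24) | ((uint32_t)msg[5] << 16) |
                   ((uint32_t)msg[6] << 8)  |  (uint32_t)msg[7];
    if (len > MAX_CUT_TEXT)            /* cap before any arithmetic on len */
        return CUT_TOO_LARGE;
    if ((size_t)len > msg_len - 8)     /* cannot underflow: msg_len >= 8 */
        return CUT_TRUNCATED;

    char *buf = malloc((size_t)len + 1);   /* +1 cannot wrap: len <= 1 MiB */
    if (buf == NULL)
        return CUT_NOMEM;
    memcpy(buf, msg + 8, len);
    buf[len] = '\0';
    *out = buf;
    *out_len = len;
    return CUT_OK;
}

int main(void)
{
    /* Constructed sample: header claims 0xFFFFFFFF bytes but carries 2. */
    const uint8_t hostile[] = {3, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF, 'h', 'i'};
    char *text;
    size_t n;
    return parse_server_cut_text(hostile, sizeof hostile, &text, &n) == CUT_TOO_LARGE ? 0 : 1;
}
```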

In the cross-platform TurboVNC package (a fork of TightVNC 1.3 that uses the libjpeg-turbo library), only one vulnerability was found (CVE-2019-15683), but it is dangerous: with authenticated access to the server, it allows an attacker to arrange execution of their own code, because when the buffer overflows the return address can be controlled. The problem was fixed on 23 August and does not appear in the current release 2.2.3.

Source: opennet.ru
