Pavel Cheremushkin oo ka socda Kaspersky Lab Hirgelinta kala duwan ee VNC (Virtual Network Computing) nidaamka gelitaanka fog iyo aqoonsaday 37 dayacan oo ay sababaan dhibaatooyin marka la shaqaynayo xusuusta. Nuglaanta lagu aqoonsaday fulinta VNC server-ka waxa kaliya oo ka faa'iidaysan kara isticmaale la xaqiijiyay, iyo weerrarada dayacanka ee koodka macmiilka ayaa suurtagal ah marka isticmaaluhu uu ku xidho serfarka uu gacanta ku hayo weeraryahan.
Tirada ugu badan ee dayacan ee laga helay xirmada , diyaar u ah oo keliya madal Windows. Isugeyn 22 dayacan ayaa lagu aqoonsaday UltraVNC. 13 baylahdu waxa ay u horseedi kartaa in lagu fuliyo kood nidaamka, 5 in xusuusta daadato, iyo 4 in la diido adeegga.
Nuglaanta ayaa go'an siidaynta .
Maktabadda furan (LibVNCServer iyo LibVNCClient), kuwaas oo gudaha VirtualBox, 10 dayacan ayaa lagu aqoonsaday.
5 dayacan, , , , ) ay sababto qulqulka xad dhaafka ah waxayna keeni kartaa in la fuliyo kood. 3 baylahdu waxay u horseedi kartaa daadinta macluumaadka, 2 ilaa adeeg diidid.
Dhibaatooyinka oo dhan mar hore ayay hagaajiyeen horumariyayaashu, laakiin isbeddelada ayaa weli ah kaliya ee laanta sayidkiisa.
Π (laanta dhaxal-galka ah ee la tijaabiyay , maadaama nooca hadda jira ee 2.x loo sii daayay kaliya Windows), 4 baylah ayaa la ogaaday. Saddex dhibaato (, , ) waxaa sababa qulqulka xad dhaafka ah ee InitialiseRFBConnection, rfbServerCutText, iyo HandleCoRREBBP, waxayna u horseedi kartaa fulinta kood. Hal dhibaato () waxay keentaa diidmo adeeg. In kasta oo horumariyayaashii TightVNC ay ahaayeen Ku saabsan dhibaatooyinka sannadkii hore, dayacanka ayaa ah mid aan la sixin.
In xirmo iskutallaab ah (fargeeto TightVNC 1.3 ah oo adeegsata maktabadda libjpeg-turbo), hal nuglaanta ayaa la helay), laakiin waa khatar, haddii aad si dhab ah u leedahay server-ka, waxay suurtogal ka dhigaysaa in la abaabulo fulinta code-kaaga, maadaama haddii kaydku buux dhaafiyo, waxaa suurtagal ah in la xakameeyo ciwaanka soo celinta. Dhibaatada waa la xaliyay oo aan ka muuqan siidaynta hadda .
Source: opennet.ru