Pavel Cheremushkin oa Kaspersky Lab lits'ebetso tse fapaneng tsa VNC (Virtual Network Computing) sistimi ea phihlello e hole le ho tsebahatsa bofokoli ba 37 bo bakoang ke mathata ha o sebetsa ka mohopolo. Bofokoli bo bonoang ts'ebetsong ea li-server tsa VNC bo ka sebelisoa feela ke mosebelisi ea netefalitsoeng, 'me litlhaselo tsa bofokoli ho khoutu ea moreki lia khoneha ha mosebelisi a hokela ho seva e laoloang ke mohlaseli.
Palo e kholo ea bofokoli e fumanoeng ka har'a sephutheloana , e fumaneha feela bakeng sa sethala sa Windows. Kakaretso ea likotsi tse 22 li fumanoe ho UltraVNC. Bofokoli ba 13 bo ka lebisa ho ts'ebetsong ea khoutu tsamaisong, 5 ho lutla mohopolong, le 4 ho hana ts'ebeletso.
Bofokoli bo kentsoeng tokollong .
Laebraring e bulehileng (LibVNCServer le LibVNCClient), eo ho VirtualBox, bofokoli ba 10 bo fumanoe.
5 bofokoli (, , , , ) li bakoa ke ho phalla ha buffer 'me ho ka lebisa ho ts'ebetsong ea khoutu. Bofokoli ba 3 bo ka lebisa ho lutla ha tlhahisoleseling, 2 ho hana ts'ebeletso.
Mathata ohle a se a lokisitsoe ke bahlahisi, empa liphetoho li ntse li le teng feela lekaleng la master.
В (lekoa le lekoa la lekala la lefa la sefapano , kaha mofuta oa hajoale oa 2.x o lokollotsoe Windows feela), bofokoli bo 4 bo ile ba sibolloa. Mathata a mararo (, , ) li bakoa ke ho phalla ha buffer ho InitialiseRFBConnection, rfbServerCutText, le HandleCoRREBBP mesebetsi, 'me e ka lebisa ho ts'ebetsong ea khoutu. Bothata bo le bong () e lebisa ho hanetsoeng ha tšebeletso. Leha bahlahisi ba TightVNC ba ne ba mabapi le mathata selemong se fetileng, bofokoli bo lula bo sa lokisoe.
Ka har'a sephutheloana sa sethala (foroko ea TightVNC 1.3 e sebelisang laeborari ea libjpeg-turbo), ho fumanoe kotsi e le 'ngoe feela (), empa e kotsi 'me, haeba u na le phihlelo e tiisitsoeng ho seva, e etsa hore ho khonehe ho hlophisa ts'ebetsong ea khoutu ea hau, kaha haeba buffer e phalla, ho ka khoneha ho laola aterese ea ho khutla. Bothata bo rarollotsoe 'me ha e hlahe tokollong ea hajoale .
Source: opennet.ru