VNC Detected
Updated 3/19/03
Impact
VNC could allow a remote attacker to gain access to a
computer. It can also be a sign that the computer has been
compromised by the Deloder worm.
Background
Virtual Network
Computing (VNC) is a software package which allows
interactive access to a computer's desktop environment
remotely from any platform type.
The Problem
VNC provides remote graphical interaction capabilities
comparable to having physical access to the computer. This
is a convenient but potentially dangerous feature, since
it could allow a computer to be taken over remotely if
it falls into the wrong hands. Furthermore, except for the
password, VNC sessions are not encrypted, which could allow
a network sniffer to gather sensitive information.
Vulnerabilities in
some older versions of VNC could allow a local or remote
attacker to gain privileges. Vulnerable versions include:
VNC is also one of the remote access tools installed by
the Deloder worm. The unexpected presence of VNC on a
computer could be a sign of infection.
Resolution
Disable VNC if it is not essential. If it is essential,
ensure that the installed version contains no known vulnerabilities, and that
a strong password has been set. Using an SSH tunnel is
recommended when using VNC across the Internet.
Where can I read more about this?
More information on VNC security is available from
AT&T and
RealVNC.
Information on using VNC with SSH is available from
AT&T.
More information on the Deloder worm is available in
CERT Advisory 2003-08.