From: Password Crackers, Inc. (pwcrack@pwcrack.com)
Date: Thu Jun 22 2006 - 15:14:54 EDT
At the securigo site mentioned below, it is reported that this vulnerability
affects versions 4.0 to 4.2.2. The most recent Free version available from
RealVNC is 4.1.2, which appears to have been released in response to this
disclosure in May. The Enterprise edition appears to be at 4.2.5 and there
is also a Personal edition. Can someone clarify which editions/versions are
affected? Is it the case that Free edition 4.1.1 and earlier are
vulnerable, but that 4.1.2 patches the flaw?
Bob Weiss
Password Crackers, Inc.
-----Original Message-----
From: moty@netvision.net.il [mailto:moty@netvision.net.il]
Sent: Wednesday, June 14, 2006 10:05 AM
To: pen-test@securityfocus.com
Subject: New VNC Attack tutorial
Hi All
Step by step - Finding un-patched VNC machines
http://www.securigo.com/VNC-advisory.htm
Useful for penetration tests to check internal client network from
outside/inside.
Regards
Moty (CEH,CISSP,CCSE,CCSA,CCNA,MCSE)
Penetration tests by Real hackers
----------------------------------------------------------------------------
-- This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com for details. ---------------------------------------------------------------------------- -- ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request@cenzic.com for details. ------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:09 EDT