[UCI-Linux] Trivial hack for RealVNC servers exploited at UCI

Harry Mangalam harry.mangalam at uci.edu
Tue Jul 25 19:02:53 PDT 2006


Hi All,

I'd rather be reading this from someone else, but one of the servers 
that I admin got cracked (and at least another one in the same 
building got hit as well) by this trivial exploit:

http://forums.spywareinfo.com/index.php?showtopic=75679

Please batten down your hatches and replace the susceptible VNCserver 
with something else.  Or run it thru a more secure tunnel.

VNC is very handy, but it's not worth a reinstall. ... said Harry, now 
reinstalling.

Check the versions carefully.  Most distros are packaging one that 
addresses this hack, but there are a few, especially among AMD64 
machines that are not up to date (or have been copied from the few 
VNCserver binaries that exist for 64bit machines).

-- 
Harry Mangalam - Research Computing at NACS, E2148, Engineering Gateway, 
UC Irvine 92697  949 824 0084(o), 949 285 4487(c) 
harry.mangalam at uci.edu


More information about the UCI-Linux mailing list