Information Assurance

Christopher Belanger



Bugtraq Analysis

Ultr@ VNC Buffer overflow


What the problem is:

Ultr@ VNC is an open source VNC server and client. VNC is a way of connecting to another computer remotely over TCP/IP.

There is a problem with the login on the client side. Before a connection-failed response from the server is displayed, it is stored in a 1024-byte buffer. This buffer can be overflowed with malicious code, and all the client needs to be doing is trying to log in to a server.

On the server side, if the admin has enabled certain logging settings, the buffer can be overflowed for Windows error messages. If this logging has ever been enabled, the vulnerability stays on forever, even if logging is turned back off.

This could have been avoided simply with bounds checking.
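The bounds check referred to above, as an added example that is not Ultr@ VNC's code or part of the original analysis: the unchecked copy pattern next to a checked one. The function names and the wire layout (a 4-byte big-endian length followed by the message text, as the RFB protocol sends failure reasons) are assumptions; only the 1024-byte buffer size comes from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REASON_BUF 1024 /* buffer size given in the analysis */

/* Assumed wire layout: 4-byte big-endian length, then the reason text. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked pattern, shown for contrast and never called: the length the
 * peer sent alone decides how many bytes are written into out. */
void copy_reason_unchecked(const unsigned char *msg, char out[REASON_BUF]) {
    uint32_t len = be32(msg);
    memcpy(out, msg + 4, len);   /* nothing limits len to REASON_BUF */
    out[len] = '\0';
}

/* Checked version. Returns bytes stored (without the NUL), or -1 when the
 * message is malformed. Oversized reasons are truncated to fit. */
int copy_reason_checked(const unsigned char *msg, size_t msg_len,
                        char *out, size_t out_size) {
    if (!msg || !out || out_size == 0 || msg_len < 4) return -1;
    uint32_t claimed = be32(msg);
    if (claimed > msg_len - 4) return -1;    /* claims more than was received */
    size_t n = claimed;
    if (n > out_size - 1) n = out_size - 1;  /* clamp, keep room for NUL */
    memcpy(out, msg + 4, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample: header claims `claimed` bytes, `sent` bytes of 'A' follow. */
int check_sample(uint32_t claimed, size_t sent) {
    static unsigned char msg[4 + 4096];
    char out[REASON_BUF];
    if (sent > 4096) return -1;
    msg[0] = (unsigned char)(claimed >> 24); msg[1] = (unsigned char)(claimed >> 16);
    msg[2] = (unsigned char)(claimed >> 8);  msg[3] = (unsigned char)claimed;
    memset(msg + 4, 'A', sent);
    return copy_reason_checked(msg, 4 + sent, out, sizeof out);
}

int main(void) {
    printf("%d %d %d\n", check_sample(5, 5), check_sample(2000, 2000),
           check_sample(2000, 100));
    return 0;
}
```

The checked version validates the claimed length twice: against the bytes actually received, and against the destination buffer.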

As a workaround, servers should not enable this logging. If it has been enabled, a reinstallation should fix it. On the client side, you should not log in to servers that you do not completely trust.

The fix:

A patch is in the works.