Security Issues Found In Several VNC Applications

December 7, 2019

Written by wukovits

security issues found in several vnc applicationsMicrosoft RDP has its share of problems.

That simple truth has sparked the rise of a number of open-source VNC (Virtual Network Computing) applications, which allow a user to remotely control another computer.

Regardless of which VNC solution you use, they all work pretty much the same way.

There’s a “server component” which runs on the computer that shares its desktop. There is also a “client component” which runs on the computer that will access the share from a remote location.

There are a few VNC applications on the market compatible with every OS in use today. In the VNC ecosystem, the “Big Four” are LibVNC, UltraVNC, Tight VNC, and TurboVNC.  Recently, researchers at Kaspersky Lab audited these four on a quest to discover how secure they were.  Their findings were disappointing to say the least.

Overall, the researchers found a total of 37 serious flaws in the client and server portions of these four programs. 22 of them were found in UltraVNC, with another ten found in LibVNC, 4 in TightVNC, and one in TurboVNC, which looks to be the best of the bunch in terms of security.

The research team had this to say about their findings:

“All of the bugs are linked to incorrect memory usage.  Exploiting them leads only to malfunctions and denial of service – a relatively favorable outcome.  In more serious cases, attackers can gain unauthorized access to information on the device or release malware into the victim’s system.”

Although only one flaw was found in TurboVNC, it’s a serious one that would allow a determined attacker to remotely execute code on the server side.

If there’s a silver lining to the recent research it is the fact that Kaspersky notified the development teams of all four of the programs they audited. Also, all four have been patched and updated. If you use any of those, just make sure you’re using the latest version and you can use them with confidence.  Kudos to Kaspersky for their efforts, and to the developers to responding swiftly to the company’s findings.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Essential Settings to Maximize Your Microsoft 365 Experience 

Microsoft 365 is a powerful suite of tools. It helps to enhance productivity and collaboration. This is especially true for small to mid-sized businesses (SMBs). But to get the most out of Microsoft 365, it’s important to optimize its settings. Otherwise, you may only...

Windows 10: The Final Countdown – It’s Time to Upgrade Your PC

Windows 10 has served us well. But its time is running out. Microsoft plans to end support for Windows 10 on October 14, 2025. This means no more security updates, no more patches, and no more support. It's time to upgrade to Windows 11. This is especially true for...