安全研究
安全漏洞
TightVNC Server验证Cookie可预测漏洞
发布日期:2002-11-15
更新日期:2003-03-03
受影响系统:
AT&T VNC 3.3.6不受影响系统:
AT&T VNC 3.3.5
AT&T VNC 3.3.4
AT&T VNC 3.3.3R2
TightVNC TightVNC 1.2.5
TightVNC TightVNC 1.2.4
TightVNC TightVNC 1.2.3
TightVNC TightVNC 1.2.1
TightVNC TightVNC 1.2.0
AT&T VNC 3.3.3
- Apple MacOS 9.0
- BSDI BSD/OS 4.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Conectiva Linux 6.0
- Debian Linux 2.2
- FreeBSD 4.2
- HP HP-UX 11.11
- Mandrake Linux 7.2
- Microsoft Windows NT 4.0
- Microsoft Windows 98 SE
- Microsoft Windows 2000
- OpenBSD 2.8
- OpenBSD 2.0
- RedHat Linux 7.0
- Sun Solaris 8.0
- Sun Solaris 7.0
- SuSE Linux 7.0
TightVNC TightVNC 1.2.7描述:
TightVNC TightVNC 1.2.6
BUGTRAQ ID: 6905
CVE(CAN) ID: CVE-2002-1511
TightVNC是一款由Constantin Kaplinsky分发和维护的VNC(Virtual Network Computing)软件,用于远程图形化的连接访问,可使用在Microsoft Windows及各种Unix类操作系统下。
TightVNC使用不强壮的方式来生成随机X服务器验证Cookie,远程攻击者可以利用这个漏洞猜测验证Cookie,未授权访问X服务器。
VNC服务器作为X服务器的时候,启动此VNC的脚本生成MIT X Cookie(用于X验证)没有使用强壮的随机号码生成器,这可导致攻击者可以轻易猜测验证Cookie。
VNC DES验证即使使用'challenge-response'方式实现,对每个验证的尝试产生随机和不同的'挑战',但是由于某个函数中的一个设计错误,生成的随机'挑战'采用每次验证尝试的当前时间作为随机种子,因此两个在同一秒的验证尝试可导致接收相同的'挑战',通过网络嗅探和猜测可以未授权用户访问VNC服务器。
<*来源:TightVNC (http://prdownloads.sourceforge.net/vnc-tight)
链接:http://www.linux-mandrake.com/en/security/2003/2003-022.php
https://www.redhat.com/support/errata/RHSA-2003-041.html
*>
建议:
厂商补丁:
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2003:022)以及相应补丁:
MDKSA-2003:022:Updated vnc packages fix cookie vulnerability
链接:http://www.linux-mandrake.com/en/security/2003/2003-022.php
补丁下载:
Updated Packages:
Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-3.3.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-SVGALIB-3.3.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-doc-3.3.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-java-3.3.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-server-3.3.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/vnc-3.3.3-8.4mdk.src.rpm
Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/vnc-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/vnc-doc-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/vnc-server-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpm
Mandrake Linux 8.0/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/vnc-3.3.3r2-9.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/vnc-doc-3.3.3r2-9.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/vnc-server-3.3.3r2-9.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpm
Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/vnc-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/vnc-doc-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/vnc-server-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpm
Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/vnc-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/vnc-doc-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/vnc-server-3.3.3r2-9.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpm
Mandrake Linux 8.2/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/vnc-3.3.3r2-9.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/vnc-doc-3.3.3r2-9.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/vnc-server-3.3.3r2-9.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpm
Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tightvnc-1.2.5-2.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tightvnc-doc-1.2.5-2.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tightvnc-server-1.2.5-2.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/tightvnc-1.2.5-2.3mdk.src.rpm
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:041-12)以及相应补丁:
RHSA-2003:041-12:Updated VNC packages fix replay and cookie vulnerabilities
链接:https://www.redhat.com/support/errata/RHSA-2003-041.html
补丁下载:
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/vnc-3.3.3r2-18.6.src.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/vnc-3.3.3r2-18.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-server-3.3.3r2-18.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-doc-3.3.3r2-18.6.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/vnc-3.3.3r2-18.6.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/vnc-3.3.3r2-18.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-server-3.3.3r2-18.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-doc-3.3.3r2-18.6.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/vnc-3.3.3r2-18.6.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/vnc-3.3.3r2-18.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-server-3.3.3r2-18.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-doc-3.3.3r2-18.6.i386.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/vnc-3.3.3r2-28.2.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/vnc-3.3.3r2-28.2.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/vnc-server-3.3.3r2-28.2.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/vnc-doc-3.3.3r2-28.2.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/vnc-3.3.3r2-39.2.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/vnc-3.3.3r2-39.2.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/vnc-server-3.3.3r2-39.2.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/vnc-doc-3.3.3r2-39.2.i386.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名]
浏览次数:4409
严重程度:0(网友投票)
绿盟科技给您安全的保障