37 Vulnerabilities Discovered in 4 VNC Remote Access Apps

A new Kaspersky report reveals that four common open-source VNC (Virtual Network Computing) remote desktop applications contain 37 vulnerabilities that could allow remote attacks.

Four common open-source VNC applications contain 37 vulnerabilities

The issue with desktop apps is that they can provide an entry point into a company’s infrastructure, which becomes even easier if the remote access tools are vulnerable, the researchers pointed out in their report.

Knowing these risks, the researchers decided to look into four common open-source VNC apps:

  • LibVNC — a library, that is, a set of ready-made code snippets on the basis of which developers can create apps; LibVNC is used, for example, in systems that allow remote connections to virtual machines, as well as iOS and Android mobile devices.
  • TightVNC 1.X — an application recommended by vendors of industrial automation systems for connecting to a human–machine interface (HMI).
  • TurboVNC — a VNC implementation for remote work with graphic, 3D, and video objects.
  • UltraVNC — a VNC variant built specifically for Windows; it is also widely used in industrial production for connecting to HMIs.

Not surprisingly, the experts discovered vulnerabilities in all four implementations. One vulnerability was discovered in TurboVNC, four in TightVNC, ten in LibVNC, and 22 in UltraVNC, which makes a total of 37 vulnerabilities.

All the issues stem from incorrect memory usage, and their exploitation could lead to malfunctions and denial-of-service attacks. However, in a worse scenario, attackers could gain unauthorized access to information on the system, or even drop malware.


The bugs were reported to the developers of the respective software libraries and apps, and most of them have already been fixed. However, the developers of TightVNC don’t support the first version of their system anymore, and hence they didn’t fix the vulnerabilities. “This is a weighty reason to consider moving to another VNC platform,” the researchers said.

Additional trouble may come from the fact that vulnerable code is used in many open-source projects, and not all developers implement library updates. Such apps will remain vulnerable unless their developers update the vulnerable code, which may not happen at all.

More information about the vulnerabilities is available in Kaspersky’s ICS CERT report.

Although the focus of the research was on the use of VNC in industrial enterprises, the threats are relevant to any business that deploys this technology, Kaspersky noted.

Milena Dimitrova
