-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Response: RealVNC Remote Authentication Bypass Vulnerability
Document ID: 70509
http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml
Revision 1.0
For Public Release 2006 June 22 1530 UTC (GMT)
- -----------------------------------------------------------------------
Contents
========
Cisco Response
Additional Information
Revision History
Cisco Security Procedures
- -----------------------------------------------------------------------
Cisco Response
==============
This is Cisco PSIRT's response to the CERT vulnerability note at
http://www.kb.cert.org/vuls/id/117929, which RealVNC has acknowledged in
its release notes at http://www.realvnc.com/products/free/4.1/release-notes.html.
This vulnerability was originally discovered by James Evans.
The original CERT vulnerability note is available at
http://www.kb.cert.org/vuls/id/117929
This issue is being tracked by Cisco bug ID:

  * CSCse32811: RealVNC allows remote access to Windows 2000 server
    console without password.
Additional Information
======================
RealVNC is a remote control access product that is bundled with Cisco
CallManager to provide remote console access to the CallManager server.

A vulnerability in RealVNC may allow a malicious user to bypass RealVNC
authentication and gain console access to a Cisco CallManager system.

If a malicious user exploits this vulnerability to gain access to a
Cisco CallManager server, all normal CallManager and Windows 2000
security controls still apply and remain intact. While this
vulnerability may provide remote console access to a CallManager
system, an attacker still requires Windows and CallManager credentials
to take any further action on the server.

RealVNC has resolved this vulnerability in software version 4.1.2 and
later.

Cisco has made available an update that upgrades the bundled RealVNC to
the fixed version (4.1.2 or later). It is delivered as the CallManager
operating system update win-OS-Upgrade-K9.2000-4-2sr8.exe, which may be
downloaded from http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
Workaround
==========
The workaround for this issue is to disable the RealVNC service on the
CallManager server. Note that this also removes the remote console
access the service was bundled to provide; apply the update above to
restore it. Consult the RealVNC documentation for further details at
http://www.realvnc.com/documentation.html
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT
YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME.
Revision History
================
+----------+--------------+-------------------------+
| Revision | Date         | Description             |
+----------+--------------+-------------------------+
| 1.0      | 2006-June-22 | Initial public release. |
+----------+--------------+-------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering
to receive security information from Cisco, is available on Cisco's
worldwide website at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml.
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt.
- -----------------------------------------------------------------------
All contents are Copyright 1992-2006 Cisco Systems, Inc. All rights
reserved.
- -----------------------------------------------------------------------
Updated: Jun 22, 2006
Document ID: 70509
- -----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEmsWv8NUAbBmDaxQRAuy1AKCQcxdvLMQ+cbNzqCm0vPbS+OOO8QCgoqCX
+dGtCFr78yG/zcpJGm6KISQ=
=MY9X
-----END PGP SIGNATURE-----