TightVNC是一款由Constantin Kaplinsky分发和维护的VNC(Virtual Network Computing)软件,用于远程图形化的连接访问,可使用在Microsoft Windows及各种Unix类操作系统下。TightVNC使用不强壮的方式来生成随机X服务器验证Cookie,远程攻击者可以利用这个漏洞猜测验证Cookie,未授权访问X服务器。VNC服务器作为X服务器的时候,启动此VNC的脚本生成MIT X Cookie(用于X验证)没有使用强壮的随机号码生成器,这可导致攻击者可以轻易猜测验证Cookie。VNC DES验证即使使用'challenge-response'方式实现,对每个验证的尝试产生随机和不同的'挑战',但是由于某个函数中的一个设计错误,生成的随机'挑战'采用每次验证尝试的当前时间作为随机种子,因此两个在同一秒的验证尝试可导致接收相同的'挑战',通过网络嗅探和猜测可以未授权用户访问VNC服务器。
MandrakeSoft------------MandrakeSoft已经为此发布了一个安全公告(MDKSA-2003:022)以及相应补丁:MDKSA-2003:022:Updated vnc packages fix cookie vulnerability链接:http://www.linux-mandrake.com/en/security/2003/2003-022.php补丁下载:Updated Packages:Linux-Mandrake 7.2:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-3.3.3-8.4mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-SVGALIB-3.3.3-8.4mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-doc-3.3.3-8.4mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-java-3.3.3-8.4mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/vnc-server-3.3.3-8.4mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/vnc-3.3.3-8.4mdk.src.rpmMandrake Linux 8.0:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/vnc-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/vnc-doc-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/vnc-server-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpmMandrake Linux 8.0/PPC:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/vnc-3.3.3r2-9.3mdk.ppc.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/vnc-doc-3.3.3r2-9.3mdk.ppc.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/vnc-server-3.3.3r2-9.3mdk.ppc.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpmMandrake Linux 8.1:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/vnc-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/vnc-doc-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/vnc-server-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpmMandrake Linux 8.2:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/vnc-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/vnc-doc-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/vnc-server-3.3.3r2-9.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpmMandrake Linux 8.2/PPC:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/vnc-3.3.3r2-9.3mdk.ppc.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/vnc-doc-3.3.3r2-9.3mdk.ppc.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/vnc-server-3.3.3r2-9.3mdk.ppc.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/vnc-3.3.3r2-9.3mdk.src.rpmMandrake Linux 9.0:ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tightvnc-1.2.5-2.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tightvnc-doc-1.2.5-2.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/tightvnc-server-1.2.5-2.3mdk.i586.rpmftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/tightvnc-1.2.5-2.3mdk.src.rpm上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:http://www.mandrakesecure.net/en/ftp.phpRedHat------RedHat已经为此发布了一个安全公告(RHSA-2003:041-12)以及相应补丁:RHSA-2003:041-12:Updated VNC packages fix replay and cookie vulnerabilities链接:https://www.redhat.com/support/errata/RHSA-2003-041.html补丁下载:Red Hat Linux 7.0:SRPMS:ftp://updates.redhat.com/7.0/en/os/SRPMS/vnc-3.3.3r2-18.6.src.rpmi386:ftp://updates.redhat.com/7.0/en/os/i386/vnc-3.3.3r2-18.6.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/vnc-server-3.3.3r2-18.6.i386.rpmftp://updates.redhat.com/7.0/en/os/i386/vnc-doc-3.3.3r2-18.6.i386.rpmRed Hat Linux 7.1:SRPMS:ftp://updates.redhat.com/7.1/en/os/SRPMS/vnc-3.3.3r2-18.6.src.rpmi386:ftp://updates.redhat.com/7.1/en/os/i386/vnc-3.3.3r2-18.6.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/vnc-server-3.3.3r2-18.6.i386.rpmftp://updates.redhat.com/7.1/en/os/i386/vnc-doc-3.3.3r2-18.6.i386.rpmRed Hat Linux 7.2:SRPMS:ftp://updates.redhat.com/7.2/en/os/SRPMS/vnc-3.3.3r2-18.6.src.rpmi386:ftp://updates.redhat.com/7.2/en/os/i386/vnc-3.3.3r2-18.6.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/vnc-server-3.3.3r2-18.6.i386.rpmftp://updates.redhat.com/7.2/en/os/i386/vnc-doc-3.3.3r2-18.6.i386.rpmRed Hat Linux 7.3:SRPMS:ftp://updates.redhat.com/7.3/en/os/SRPMS/vnc-3.3.3r2-28.2.src.rpmi386:ftp://updates.redhat.com/7.3/en/os/i386/vnc-3.3.3r2-28.2.i386.rpmftp://updates.redhat.com/7.3/en/os/i386/vnc-server-3.3.3r2-28.2.i386.rpmftp://updates.redhat.com/7.3/en/os/i386/vnc-doc-3.3.3r2-28.2.i386.rpmRed Hat Linux 8.0:SRPMS:ftp://updates.redhat.com/8.0/en/os/SRPMS/vnc-3.3.3r2-39.2.src.rpmi386:ftp://updates.redhat.com/8.0/en/os/i386/vnc-3.3.3r2-39.2.i386.rpmftp://updates.redhat.com/8.0/en/os/i386/vnc-server-3.3.3r2-39.2.i386.rpmftp://updates.redhat.com/8.0/en/os/i386/vnc-doc-3.3.3r2-39.2.i386.rpm可使用下列命令安装补丁:rpm -Fvh [文件名]