Nessus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Inconsistent results for VNC

from [Michel Arboi] [Permanent Link][Original]
To: rbabcock@cfa.harvard.edu
Subject: Re: Inconsistent results for VNC
From: Michel Arboi <mikhail@nessus.org>
Date: Tue, 14 Nov 2006 17:46:14 +0100
Cc: nessus@list.nessus.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: nessus-list1@securepoint.com
Delivered-to: nessus@list.nessus.org
In-reply-to: <200611141614.kAEGE0mx004120@cfa0.cfa.harvard.edu> (Bob Babcock's message of "Tue, 14 Nov 2006 11:14:00 -0500 (EST)")
List-archive: <http://mail.nessus.org/pipermail/nessus>
List-help: <mailto:nessus-request@list.nessus.org?subject=help>
List-id: Discussion of Nessus software <nessus.list.nessus.org>
List-post: <mailto:nessus@list.nessus.org>
List-subscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=subscribe>
List-unsubscribe: <http://mail.nessus.org/mailman/listinfo/nessus>, <mailto:nessus-request@list.nessus.org?subject=unsubscribe>
References: <200611141614.kAEGE0mx004120@cfa0.cfa.harvard.edu>
Sender: nessus-bounces@list.nessus.org
User-agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.19 (linux) 
On Tue Nov 14 2006 at 17:14, Bob Babcock wrote:

>   The remote VNC server chose security type #0 (Invalid)
>   Any user can connect to it without authentication, and thus take
>   control of this machine.
> and other times get:
[snip]

Try applying this patch (or wait for a while and run
nessus-update-plugins). The script should be more robust.

*** vnc_security_types.nasl     23 May 2006 17:33:55 -0000      1.5
--- vnc_security_types.nasl     14 Nov 2006 16:44:15 -0000
***************
*** 68,74 ****
  if (major == 3 && minor >= 3 && minor < 7)
  {
   r = recv(socket: s, min: 4, length: 4);
!  if (strlen(r) != 4)
   {
    debug_print('Could not read security type\n');
    exit(0);
--- 68,74 ----
  if (major == 3 && minor >= 3 && minor < 7)
  {
   r = recv(socket: s, min: 4, length: 4);
!  if (strlen(r) < 4)
   {
    debug_print('Could not read security type\n');
    exit(0);

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Inconsistent results for VNC, Bob Babcock
Next by Date:  Re: Inconsistent results for VNC, Michel Arboi
Previous by Thread:  Inconsistent results for VNC, Bob Babcock
Next by Thread:  Re: Inconsistent results for VNC, Michel Arboi
Indexes:  [Date] [Thread] [Top] [All Lists]