Kuna amfani da VNC? dole ne ka sabunta saboda kusan raunin 37 aka gano

vnc-yanayin rauni-fasali

Kwanan nan Pavel Cheremushkin de Kaspersky Lab yayi nazarin aiwatarwa daban-daban na tsarin samun damar nesa na VNC (Virtual Hanyar Sadarwar Yanar Gizo) kuma sun gano raunin 37 sanadiyar matsalolin ƙwaƙwalwa.

Ularfafa abubuwan amfani a cikin aiwatarwar sabar VNC iya amfani da ingantaccen mai amfani kawai da kuma kai hari kan rauni a cikin lambar abokin harka mai yiwuwa ne lokacin da mai amfani ya haɗu zuwa sabar da maharan ke sarrafawa.

A shafin yanar gizo na Kaspersky, sunyi tsokaci akan hakanZa a iya amfani da waɗannan lahani ta hanya mai zuwa:

Aikace-aikacen VNC sun kunshi bangarori biyu: wata sabar da aka sanya a kwamfutar da ma'aikacin ka ya hada ta da nesa da kuma abokin harka da ke aiki a kan na'urar da suka hada ta. Abubuwan haɓakawa ba su da yawa a gefen sabar, wanda koyaushe yana da ɗan sauƙi saboda haka yana da ƙananan kwari. Koyaya, masananmu na CERT sun gano kurakurai a ɓangarorin biyu na aikace-aikacen da ake kan bincike, kodayake a yawancin yanayi farmaki akan sabar na iya zama ba tare da izini ba.

Game da rauni

An samo yawancin lahani a cikin kunshin UltraVNC, akwai kawai don dandamali na Windows. Gabaɗaya, a cikin UltraVNC An gano raunin 22. 13 lahani zai iya haifar da aiwatar da lambar a kan tsarin, 5 na iya zubo abubuwan da ke cikin wuraren ƙwaƙwalwar, kuma 4 na iya haifar da ƙin sabis.

Duk waɗannan halayen rashin daidaito an gyara su cikin sigar 1.2.3.0.

Yayinda yake cikin buɗe ɗakin karatu na LibVNC (LibVNCServer da LibVNCClient), wanda ake amfani dashi a cikin VirtualBox, An gano raunin 10. 5 raunin da ya faru (CVE-2018-20020, CVE-2018-20019, CVE-2018-15127, CVE-2018-15126, CVE-2018-6307) ya faru ne ta hanyar ambaliyar ruwa da kuma iya haifar da aiwatar da lambar. 3 rauni zai iya haifar da malalewar bayanai; 2 zuwa hana sabis.

Masu haɓakawa sun riga sun gyara dukkan matsalolin- Yawancin gyare-gyare an haɗa su a cikin saki na LibVNCServer 0.9.12, amma ya zuwa yanzu duk gyaran yana bayyana ne kawai a cikin babban reshe da sabunta abubuwan da aka samar.

A cikin TightVNC 1.3 (Gwargwadon dandamali wanda aka gwada), kamar yadda aka fitar da 2.x na yanzu don Windows kawai), An gano raunin 4. Batutuwa uku (CVE-2019-15679, CVE-2019-15678, CVE-2019-8287) suna faruwa ne sakamakon ambaliyar ruwa a cikin InitialiseRFBConnection, rfbServerCutText, da Ayyukan HandleCoRREBBP kuma suna iya haifar da aiwatar da lambar.

Matsala (CVE-2019-15680) take kaiwa zuwa hana sabis. Duk da cewa an sanar da masu haɓaka TightVNC batutuwan a shekarar da ta gabata, raunin ya kasance ba a gyara ba.

A cikin giciye-dandamali kunshin TurboVNC (cokali mai yatsa na TightVNC 1.3, wanda ke amfani da labjpeg-turbo library), rauni daya kawai aka samu (CVE-2019-15683), amma yana da haɗari kuma idan akwai ingantacciyar hanyar isa ga sabar hakan yana ba da damar tsara zartar da lambar ku, don haka kamar yadda tare da abubuwan adana abubuwa masu yawa zai yiwu a iya sarrafa alkiblar dawowa. An gyara matsalar a ranar 23 ga watan Agusta kuma bai bayyana a halin yanzu ba 2.2.3.

Idan kanaso ka kara sani game dashi zaku iya bincika bayanan a cikin asalin gidan. Haɗin haɗin shine wannan.

Amma game da sabunta abubuwan fakiti za a iya yin su ta wannan hanyar.

mai amfani da

Lambar dakin karatu zaka iya zazzage shi daga ma'ajiyar ka a GitHub (mahaɗin shine wannan). Don zazzage sabon juzu'i na yanzu a halin yanzu zaku iya buɗe tashar mota ku rubuta masu zuwa a ciki:

wget https://github.com/LibVNC/libvncserver/archive/LibVNCServer-0.9.12.zip

Kasa kwancewa tare da:

unzip libvncserver-LibVNCServer-0.9.12

Ka shigar da shugabanci tare da:

cd libvncserver-LibVNCServer-0.9.12

Kuma kuna gina kunshin tare da:

mkdir build
cd build
cmake ..
cmake --build .

TurboVNC

Don sabuntawa zuwa wannan sabon sigar, kawai zazzage sabon kunshin sigar sabuntawa, wanda za'a iya samu daga mahada mai zuwa.

Anyi aikin sauke kunshin, yanzu zaka iya shigar da shi ta danna sau biyu a kai kuma suna da cibiyar software don kula da shigarwa ko za su iya yi tare da manajan kunshin da suka fi so ko daga tashar.

Suna yin na ƙarshen ta hanyar sanya kansu inda kunshin da aka zazzage a cikin tashar su kuma a ciki kawai zasu buga:

sudo dpkg -i turbovnc_2.2.3_amd64.deb

Kasance na farko don yin sharhi

Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.