Vigil@nce: VNC, privilege elevation
August 2009 by Vigil@nce
A local attacker can elevate his privileges via a vulnerability of
VNC Server Service-Mode.
Severity: 2/4
Consequences: privileged access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 30/07/2009
IMPACTED PRODUCTS
– RealVNC
DESCRIPTION OF THE VULNERABILITY
The VNC Enterprise Edition and VNC Personal Edition products can
be started in:
– User-Mode : direct execution
– Service-Mode : execution as a Windows/Unix service
When Service-Mode is used, an attacker with access to the console
of the host system can elevate his privileges.
Technical details are unknown. This vulnerability may be used by a
local attacker to use the service in order to become administrator.
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8903
http://vigilance.fr/vulnerability/VNC-privilege-elevation-8903