ALERT! Report of VNC Compromise - May 19, 2006

A serious vulnerability has been reported on campus for computer systems running RealVNC (Free Edition version 4.1.1 or prior, RealVNC Personal Edition version 4.2.2 or prior, RealVNC Enterprise Edition version 4.2.2 or prior) or AdderLink Keyboard/Video/Mouse hardware. These versions permit an unauthorized, remote attacker to gain unauthorized access to an affected system. There are active exploits that can take advantage of RealVNC programs that have not been updated. Application patching is advised. Port 5900 traffic has been restricted at the campus border through Monday afternoon, May 22.

For further information, please refer to the UC Davis Secalerts Listserve.