Hacking Alert Vulnerability Spotlight: VMWare VNC Vulnerabilities

Discussion in 'Security News' started by daljeet, Dec 19, 2017.

  1. daljeet

    Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare's products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi, which share a common VMW VNC code base. The vulnerabilities manifest themselves in a way that would allow an attacker to initiate a VNC session, causing the vulnerabilities to be triggered. Talos has coordinated with VMWare to ensure the issue was disclosed responsibly and patched by the vendor. Additionally, Talos has developed Snort signatures that can detect attempts to exploit these vulnerabilities.

    These vulnerabilities were identified using the recently released Decept Proxy and Mutiny Fuzzers. By utilizing these tools, fuzzing was quickly able to take place by generating VNC traffic, feeding it through the Decept Proxy, and finally fuzzing the resulting .fuzzer file via Mutiny. This all occurs without knowing anything about the VMWare-specific protocol extensions. For more details about the Decept Proxy and Mutiny Fuzzers, see our recent blog.