Forum Thread: Ultra VNC recognized incorrectly as unpatched

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
And, this specific program:
UltraVNC 1.x

This thread has been marked as locked.
trombone_dude Ultra VNC recognized incorrectly as unpatched
Member 6th Feb, 2009 19:16
Ranking: 0
Posts: 49
User Since: 3rd Jan, 2009
System Score: 100%
Location: US
I have version 1.0.0.3 of Secunia PSI, and it is recognizing my fully patched version of Ultra VNC (c:\Program Files\UltraVNC\winvnc.exe) as unpatched. I have read the advisories from uvnc.com (http://forum.ultravnc.info/viewtopic.php?t=14654) and from coresecurity.com (http://www.coresecurity.com/content/vnc-integer-ov...) and both indicate that only the viewer is vulnerable. Secunia PSI is indicating the VNC server program, which is not affected by the vulnerability, is still unpatched. Please note that I have applied the patch provided by your link, and it contains only replacement viewer files. I have also rescanned a few times since applying the patch. Please let me know if I am missing anything

--
Asus P5QC, 2.4Ghz Intel Quad Core, 2Gb Ram, XP Pro

Asus EeePC 4G Surf, 2Gb Ram, XP Pro

mkalen RE: Ultra VNC recognized incorrectly as unpatched
Member 8th Feb, 2009 04:30
Score: 10
Posts: 5
User Since: 23rd Dec 2008
System Score: 100%
Location: DE
Was this reply relevant?
+0
-0
ejhonda RE: Ultra VNC recognized incorrectly as unpatched
Member 10th Feb, 2009 15:49
Score: 0
Posts: 6
User Since: 7th Feb 2009
System Score: N/A
Location: N/A
I've stumbled on this, too. Win XP, w/ VNC bundled as part of an app (MetaLAN). I contacted the vendor, who updated their product w/ the newer version of UltraVNC (winvnc.exe). Even after going from 1.0.5.2 to 1.0.5.4, PSI still doesn't detect the newer version of UltraVNC despite rescans. From what I can see, the file is stamped correctly with the version info.
Was this reply relevant?
+0
-0
war59312 RE: Ultra VNC recognized incorrectly as unpatched
Member 11th Feb, 2009 00:53
Score: 3
Posts: 19
User Since: 26th Nov 2008
System Score: N/A
Location: US
Indeed, PSI thinks these two files are still unpatched:

c:\Program Files\UltraVNC\winvnc.exe

c:\Program Files\UltraVNC\sfx\winvnc.exe
Was this reply relevant?
+0
-0
rkdesantos RE: Ultra VNC recognized incorrectly as unpatched
Member 20th Feb, 2009 18:48
Score: 0
Posts: 1
User Since: 13th Jan 2008
System Score: N/A
Location: N/A
This is still an issue. The linked advisories even say the server isn't vulnerable. Can we get this fixed?
Was this reply relevant?
+0
-0
krispy RE: Ultra VNC recognized incorrectly as unpatched
Member 23rd Feb, 2009 16:54
Score: 0
Posts: 4
User Since: 23rd Feb 2009
System Score: N/A
Location: Tokyo, JP
Last edited on 23rd Feb, 2009 16:54
Confirm it is still a problem to date... Please fix.
Was this reply relevant?
+0
-0
M.Hansen RE: Ultra VNC recognized incorrectly as unpatched
Secunia Official 24th Feb, 2009 15:47
Score: 193
Posts: 424
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi

Can you provide with the file information(company name, fileversion etc.)

I will then try to see whats the problem.

--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal
ejhonda RE: Ultra VNC recognized incorrectly as unpatched
Member 24th Feb, 2009 16:15
Score: 0
Posts: 6
User Since: 7th Feb 2009
System Score: N/A
Location: N/A
That information is in the first 3 posts here, isn't it? Or am I not understanding exactly what you're asking?
Was this reply relevant?
+0
-0
MADevil RE: Ultra VNC recognized incorrectly as unpatched
Member 24th Feb, 2009 20:08
Score: 0
Posts: 2
User Since: 24th Feb 2009
System Score: N/A
Location: N/A
c:\Program Files\UltraVNC\winvnc.exe
File description:VNC server for Win32
Company: UltraVNC
File version: 1.0.5.2
Size: 1,61 MB

and same thing for :

c:\Program Files\UltraVNC\sfx\winvnc.exe
Was this reply relevant?
+0
-0
M.Hansen RE: Ultra VNC recognized incorrectly as unpatched
Secunia Official 25th Feb, 2009 08:26
Score: 193
Posts: 424
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Hi again

Can i ask for someone to make a software suggestion of the 2 versions? That way i can add it/edit our database.


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal


mkalen RE: Ultra VNC recognized incorrectly as unpatched
Member 25th Feb, 2009 10:39
Score: 10
Posts: 5
User Since: 23rd Dec 2008
System Score: 100%
Location: DE
There are now two Secunia advisories published for the viewer component of UltraVNC, see http://forum.ultravnc.info/viewtopic.php?t=11850 for details.

As for which version to check, at least for SA28747 the viewer is correctly identified as patched by PSI. The viewer EXE is called vncviewer.exe.

The problems with PSI described in this thread relate to the server component. The server EXE is called winvnc.exe.

The server EXE is not affected by either SA28747 or SA28804.

If you narrow the definitions down for these two, so that the scan is only performed against vncviewer.exe (and not against winvnc.exe) everything should be fine.
Was this reply relevant?
+0
-0
war59312 RE: Ultra VNC recognized incorrectly as unpatched
Member 26th Feb, 2009 07:09
Score: 3
Posts: 19
User Since: 26th Nov 2008
System Score: N/A
Location: US
Done, for both files!!

on 25th Feb, 2009 08:26, M.Hansen wrote:
Hi again

Can i ask for someone to make a software suggestion of the 2 versions? That way i can add it/edit our database.


--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal...
Was this reply relevant?
+0
-0
M.Hansen RE: Ultra VNC recognized incorrectly as unpatched
Secunia Official 26th Feb, 2009 10:24
Score: 193
Posts: 424
User Since: 26th Jan 2009
System Score: N/A
Location: Copenhagen, DK
Last edited on 26th Feb, 2009 13:05
Hi again.

The problem should be solved.

The problem was the way we detected the Ultravnc

When we made the detection rule we assumed that the winvnc.exe and the VNCViewer.exe would have the same version number. Since the security issue only affected the viewer, and only the version number of the viewer was updated, this is no longer correct.

(They probably will share versions again in the next major update)

We have updated the detection rule so you should no longer get incorrect detection of winvnc.exe


Thank to all of you who helped us realize the mistake we made, so we could correct it.

(Edit: It may take up to 24 hours before the PSI is no longer detecting winvnc.exe)

--
Kind regards,

Morten Hansen
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal
mkalen RE: Ultra VNC recognized incorrectly as unpatched
Member 28th Feb, 2009 18:10
Score: 10
Posts: 5
User Since: 23rd Dec 2008
System Score: 100%
Location: DE
on 26th Feb, 2009 10:24, M.Hansen wrote:
The problem should be solved.


Confirm: The problem is solved on Windows Vista. Thanks for the updated detection rules.
Was this reply relevant?
+0
-0
kestertonm RE: Ultra VNC recognized incorrectly as unpatched
Member 5th Apr, 2009 13:18
Score: 0
Posts: 1
User Since: 2nd Jan 2009
System Score: N/A
Location: N/A
That's not all! If you follow Secunias download link it downloads a file from uvnc.com. Who know who owns this domain or what spyware is included in the downloaded file. V V V Dangerous.......
Was this reply relevant?
+0
-0
trombone_dude RE: Ultra VNC recognized incorrectly as unpatched
Member 18th Apr, 2009 22:35
Score: 0
Posts: 49
User Since: 3rd Jan 2009
System Score: 100%
Location: US
on 5th Apr, 2009 13:18, kestertonm wrote:
That's not all! If you follow Secunias download link it downloads a file from uvnc.com. Who know who owns this domain or what spyware is included in the downloaded file. V V V Dangerous.......


Which is the website for ultravnc. Not dangerous at all.

--
Asus P5QC, 2.4Ghz Intel Quad Core, 2Gb Ram, XP Pro

Asus EeePC 4G Surf, 2Gb Ram, XP Pro
Was this reply relevant?
+0
-0

This thread has been marked as locked.