VNC almost rivals the old Adobe programs for exploitability

[Ed P]

Kasperksy have just revealed 37 CVE listed exploits in VNC’s software including some that give remote execution. . Most of these are client side., but worryingly there are a couple of server side ones as well.

There seems to be no update facility for this software so I’m going to have to dump VNC or stick it in a sandbox. Pity, as it was quite handy to use with a Pi.

The other mitigation that Kaspersky mention is to always use a secure Password with any vNC product.

[blacklion1725]

Interesting – I used to use VNC a lot, but for Windows now the Remote desktop is my weapon of choice. I only have Linux on a Pi at the moment and for its limited purposes (it runs headless) Putty is enough. Is there a Linux alternative to VNC that is more secure?

[Ed P]

The BIG advantage to VNC was the ability to set up a window that emulated the Window on the Pi. It effectively gave you a spare Pi monitor. AFAIK there is nothing that replaces VNC server. This link shows possible client alternatives.

[edit] A VNC screen was the only way I could find of shutting down a headless program then relaunching it. For some reason SSH died when the launched program died.

[blacklion1725]

Thanks Ed

[Drezha]

Thanks for the link. I’ve been making use of VNC for accessing my home Pi and currently use the Realview VNC to access it from outside the house. May have to look in to it or look at not accessing it. In fairness, once the house sells, I’ll have no reason to access it from outside the house, so can just leave it as a local VNC connection which may be OK (I’ve not yet read but I’ll have a look).

"Everything looks interesting until you do it. Then you find it’s just another job" - Terry Pratchett

[Author]

Posts