Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Dan Yefimov <dan () lightwave net ru>
Date: Wed, 25 Jan 2012 11:55:32 +0300

On 25.01.2012 5:45, Ben Bucksch wrote:
On 25.01.2012 00:52, Henri Salo wrote:
On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
On 25.01.2012 00:09, Dan Kaminsky wrote:
IP KVM, in which the foreign server basically gets only inbound
Keyboard and Mouse and outbound uncompressed pixels.
That is *precisely* what VNC is: an open-source IP KVM.
What the hell? Seriously..

http://en.wikipedia.org/wiki/VNC

hihi. Thanks.

"It transmits the keyboard and mouse events from one computer to
another, relaying the graphical screen updates back in the other
direction, over a network."
"The VNC protocol (RFB) is very simple, based on one graphic primitive
from server to client ('Put a rectangle of pixel data at the specified
X,Y position') and event messages from client to server."

Compare to above.

Now, the part where it defines that clipboard is also a standard part of
VNC... oh, huch, it's not there! (Just a random note that Unicode is
impossible, but not that clipboard is defined as part of the protocol at
all.) Ah, I know... Surely, it must be on
<http://en.wikipedia.org/wiki/RFB_protocol>... No, same thing there.
Strange.

It should be strictly understood that something not being mentioned in the 
Wikipedia article doesn't mean that doesn't exist at all, since Wikipedia is 
_not_ authoritative information source. The authoritative information source 
would be the formal specification of the protocol explicitly defining the set of 
event types and explicitly prohibiting non-defined event types, otherwise 
implementations are free to define and use their own event types being in fact 
extensions of the protocol. It's defined nowhere that VNC is _exactly_ 
open-source IP KVM and nothing more.

P.S. I was just reporting bug. I hope at least some software finds a
better solution. Have fun.

I'd suggest you find alternative product allowing you to explicitly configure 
that clipboard is not transmitted to the host under control instead of 
struggling with the product limitations and design flaws.
-- 

Sincerely Yours, Dan.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault