Signature Detail

VNC: Invalid Client Version

This protocol anomaly triggers when it detects a VNC client message that has an invalid version string. The VNC protocol defines valid VNC version syntax as RFB xxx.yyy\n. With (xxx) representing major version numbers and (yyy) representing minor version numbers; this is padded with zeros and followed by a NULL character.

Extended Description

If a ProtocolVersion message does not comply with the standard format, this may indicate that a software or transmission error has occurred. It may also indicate that a malicious party is attempting to conduct a buffer overflow or other attack against a VNC client or server.

References

• URL: http://www.realvnc.com/docs/rfbproto.pdf