CVE-2008-5714 | Vulnerability Database | Aqua Security

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	0.9.1 (including)	0.9.1 (including)
Kvm	Ubuntu	gutsy	*
Kvm	Ubuntu	hardy	*
Kvm	Ubuntu	intrepid	*
Qemu	Ubuntu	dapper	*
Qemu	Ubuntu	gutsy	*
Qemu	Ubuntu	hardy	*
Qemu	Ubuntu	intrepid	*
Qemu	Ubuntu	jaunty	*
Xen-3.1	Ubuntu	gutsy	*
Xen-3.1	Ubuntu	hardy	*
Xen-3.1	Ubuntu	intrepid	*
Xen-3.2	Ubuntu	hardy	*
Xen-3.3	Ubuntu	intrepid	*
Xen-3.3	Ubuntu	jaunty	*
Xen-3.3	Ubuntu	karmic	*
Xen-3.3	Ubuntu	lucid	*
Xen-3.3	Ubuntu	maverick	*
Xen-3.3	Ubuntu	natty	*
Xen-unstable	Ubuntu	gutsy	*

References

http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33568
http://secunia.com/advisories/34642
http://secunia.com/advisories/35062
http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966
http://www.securityfocus.com/bid/33020
http://www.ubuntu.com/usn/usn-776-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/47683

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5714
CWE	https://cwe.mitre.org/data/definitions/189.html