qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qemu | Qemu | * | 0.11.0 (including) |
| Qemu | Qemu | 0.1.0 (including) | 0.1.0 (including) |
| Qemu | Qemu | 0.1.1 (including) | 0.1.1 (including) |
| Qemu | Qemu | 0.1.2 (including) | 0.1.2 (including) |
| Qemu | Qemu | 0.1.3 (including) | 0.1.3 (including) |
| Qemu | Qemu | 0.1.4 (including) | 0.1.4 (including) |
| Qemu | Qemu | 0.1.5 (including) | 0.1.5 (including) |
| Qemu | Qemu | 0.1.6 (including) | 0.1.6 (including) |
| Qemu | Qemu | 0.10.0 (including) | 0.10.0 (including) |
| Qemu | Qemu | 0.10.1 (including) | 0.10.1 (including) |
| Qemu | Qemu | 0.10.2 (including) | 0.10.2 (including) |
| Qemu | Qemu | 0.10.3 (including) | 0.10.3 (including) |
| Qemu | Qemu | 0.10.4 (including) | 0.10.4 (including) |
| Qemu | Qemu | 0.10.5 (including) | 0.10.5 (including) |
| Qemu | Qemu | 0.10.6 (including) | 0.10.6 (including) |
| Qemu | Qemu | 0.11.0-rc0 (including) | 0.11.0-rc0 (including) |
| Qemu | Qemu | 0.11.0-rc1 (including) | 0.11.0-rc1 (including) |
| Red Hat Enterprise Linux 6 | RedHat | qemu-kvm-2:0.12.1.2-2.113.el6_0.8 | * |
| Qemu-kvm | Ubuntu | karmic | * |
| Qemu-kvm | Ubuntu | lucid | * |
| Qemu-kvm | Ubuntu | maverick | * |
| Qemu-kvm | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://rhn.redhat.com/errata/RHSA-2011-0345.html
- http://secunia.com/advisories/42830
- http://secunia.com/advisories/43272
- http://secunia.com/advisories/43733
- http://secunia.com/advisories/44393
- http://ubuntu.com/usn/usn-1063-1
- http://www.openwall.com/lists/oss-security/2011/01/10/3
- http://www.openwall.com/lists/oss-security/2011/01/11/1
- http://www.openwall.com/lists/oss-security/2011/01/12/2
- http://www.osvdb.org/70992
- https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65215
- http://rhn.redhat.com/errata/RHSA-2011-0345.html
- http://secunia.com/advisories/42830
- http://secunia.com/advisories/43272
- http://secunia.com/advisories/43733
- http://secunia.com/advisories/44393
- http://ubuntu.com/usn/usn-1063-1
- http://www.openwall.com/lists/oss-security/2011/01/10/3
- http://www.openwall.com/lists/oss-security/2011/01/11/1
- http://www.openwall.com/lists/oss-security/2011/01/12/2
- http://www.osvdb.org/70992
- https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65215