CVE-2011-0011

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

Details Source

Mitre

Statement

This issue does not affect the versions of the kvm package as shipped with Red Hat Enterprise Linux 5.

Public Date

2011-01-07 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

Bugzilla ID

668589

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:A/AC:H/Au:N/C:P/I:P/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 (qemu-kvm) | RHSA-2011:0345 | 2011-03-10 |