CVE 2011-0011
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Related bugs and status
CVE-2011-0011 (Candidate) is related to these bugs:
Bug #697197: Empty password allows access to VNC in libvirt
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu) | Undecided | Invalid | ||
697197 | Empty password allows access to VNC in libvirt | libvirt | Medium | Invalid | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu) | Medium | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm | Medium | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | QEMU | Undecided | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Maverick) | Undecided | Invalid | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Maverick) | Medium | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Natty) | Undecided | Invalid | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Natty) | Medium | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Lucid) | Undecided | Invalid | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Lucid) | Medium | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Karmic) | Undecided | Invalid | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Karmic) | Medium | Fix Released | ||
697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Debian) | Unknown | Fix Released |
See the
CVE page on Mitre.org
for more details.