Empty password allows access to VNC in libvirt
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| QEMU | Fix Released | Undecided | Unassigned | |
| libvirt | Invalid | Medium | | |
| qemu-kvm | Fix Released | Medium | | |
| libvirt (Ubuntu) | Invalid | Undecided | Unassigned | |
| libvirt (Ubuntu Karmic) | Invalid | Undecided | Unassigned | |
| libvirt (Ubuntu Lucid) | Invalid | Undecided | Unassigned | |
| libvirt (Ubuntu Maverick) | Invalid | Undecided | Unassigned | |
| libvirt (Ubuntu Natty) | Invalid | Undecided | Unassigned | |
| qemu-kvm (Debian) | Fix Released | Unknown | | |
| qemu-kvm (Ubuntu) | Fix Released | Medium | Dustin Kirkland | |
| qemu-kvm (Ubuntu Karmic) | Fix Released | Medium | Kees Cook | |
| qemu-kvm (Ubuntu Lucid) | Fix Released | Medium | Kees Cook | |
| qemu-kvm (Ubuntu Maverick) | Fix Released | Medium | Kees Cook | |
| qemu-kvm (Ubuntu Natty) | Fix Released | Medium | Dustin Kirkland | |
Bug Description
The help in the /etc/libvirt/
"To allow access without passwords, leave this commented out. An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC."
yet setting:
vnc_password=""
allows access to the VNC console without any password prompt, just as if it is hashed out completely.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: libvirt-bin 0.8.3-1ubuntu14
ProcVersionSign
Uname: Linux 2.6.35-24-server x86_64
Architecture: amd64
Date: Tue Jan 4 12:18:35 2011
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: libvirt
Related branches
- Dustin Kirkland: Approve
- Diff: 109 lines (+72/-1), 5 files modified:
  - debian/changelog (+19/-0)
  - debian/control (+1/-1)
  - debian/patches/697197-fix-vnc-password-semantics.patch (+17/-0)
  - debian/patches/caps-lock-key-up-event.patch (+33/-0)
  - debian/patches/series (+2/-0)
CVE References
| Changed in libvirt (Ubuntu): | |
| assignee: | nobody → Serge Hallyn (serge-hallyn) |
| security vulnerability: | no → yes |
| Changed in qemu: | |
| status: | New → Confirmed |
| Changed in qemu-kvm (Ubuntu): | |
| assignee: | nobody → Dustin Kirkland (kirkland) |
| importance: | Undecided → Medium |
| status: | Confirmed → In Progress |
| Changed in libvirt (Ubuntu Maverick): | |
| status: | New → Invalid |
| Changed in libvirt (Ubuntu Natty): | |
| assignee: | Serge Hallyn (serge-hallyn) → nobody |
| importance: | High → Undecided |
| Changed in qemu-kvm (Ubuntu Maverick): | |
| milestone: | maverick-updates → none |
| Changed in libvirt (Ubuntu Lucid): | |
| status: | New → Invalid |
| Changed in qemu-kvm (Ubuntu Maverick): | |
| assignee: | Ubuntu Security Team (ubuntu-security) → Kees Cook (kees) |
| Changed in qemu-kvm (Ubuntu Lucid): | |
| assignee: | Ubuntu Security Team (ubuntu-security) → Kees Cook (kees) |
| Changed in qemu-kvm (Ubuntu Karmic): | |
| assignee: | nobody → Kees Cook (kees) |
| importance: | Undecided → Medium |
| Changed in qemu-kvm (Ubuntu Lucid): | |
| status: | In Progress → Fix Committed |
| Changed in qemu-kvm (Ubuntu Maverick): | |
| status: | In Progress → Fix Committed |
| Changed in qemu-kvm (Ubuntu Karmic): | |
| status: | In Progress → Fix Committed |
| Changed in qemu-kvm (Debian): | |
| status: | Unknown → New |
| Changed in qemu-kvm (Debian): | |
| status: | New → Fix Released |
| Changed in qemu: | |
| status: | Confirmed → Fix Released |
| Changed in libvirt: | |
| importance: | Unknown → Medium |
| status: | Unknown → Invalid |
| Changed in qemu-kvm: | |
| importance: | Unknown → Medium |
| status: | Unknown → Fix Released |

Description of problem:
The help for 'vnc_password' in qemu.conf states: "An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC."
Yet if you set vnc_password="" then you can access the VNC console without any password prompt at all, just as you can if the entry is hashed out.
Version-Release number of selected component (if applicable):
libvirtd (libvirt) 0.8.3
How reproducible:
Every time by configuration
Steps to Reproduce:
1. Create a VNC console without a password.
2. Set vnc_password="" in /etc/libvirt/qemu.conf
3. Start up a guest and access the VNC console with a client.
Actual results:
You get straight into the console with no prompts.
Expected results:
Should have come up with a prompt and rejected the access. Or the instructions in the qemu.conf file need changing to take account of the current behaviour.
Additional info:
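The bug above comes down to three possible states of one qemu.conf key (commented out, empty string, non-empty string) and the documented versus observed QEMU behaviour for the empty case. The following audit script is an added example written for this page; it is not code from libvirt, QEMU or the Ubuntu packages, and it is not the fix in 697197-fix-vnc-password-semantics.patch. It reads a qemu.conf body, classifies the effective vnc_password setting, and reports whether a VNC client would reach the console without a password under either the documented semantics or the pre-fix behaviour the reporter observed. The sample configuration snippets and the helper names (vnc_password_state, vnc_access_without_password, audit_qemu_conf) are constructed for the example; the assumption that the last uncommented vnc_password line is the effective one is a simplification, not a statement about libvirt's parser.

```python
import re
import sys

# Matches a vnc_password line in libvirt's qemu.conf, with or without a leading
# '#' comment marker. Both `vnc_password = "x"` (the form used in the shipped
# file) and `vnc_password=""` (as written in the bug report) are accepted.
_VNC_PASSWORD_RE = re.compile(r'^\s*(#?)\s*vnc_password\s*=\s*"([^"]*)"\s*(?:#.*)?$')

# Constructed sample configurations, one per state discussed in the bug.
CONF_COMMENTED = '# vnc_password = "XYZ12345"\n'   # documented: open console
CONF_EMPTY = 'vnc_password=""\n'                   # the setting from the report
CONF_SET = 'vnc_password = "s3cret-example"\n'     # constructed placeholder value


def vnc_password_state(conf_text):
    """Classify the effective vnc_password setting in a qemu.conf body.

    Returns 'unset' when every vnc_password line is absent or commented out,
    'empty' when the effective line is vnc_password = "", and 'set' otherwise.
    Assumption (simplification): the last uncommented line is the effective one.
    """
    state = "unset"
    for line in conf_text.splitlines():
        m = _VNC_PASSWORD_RE.match(line)
        if m is None or m.group(1) == "#":
            continue  # not a vnc_password line, or commented out
        state = "set" if m.group(2) else "empty"
    return state


def vnc_access_without_password(state, qemu_rejects_empty_password):
    """Return True when a VNC client would get the console with no password.

    qemu_rejects_empty_password models the QEMU side:
      True  -> documented semantics: an empty password is passed to QEMU and
               QEMU rejects every VNC login (no usable console).
      False -> behaviour observed in the report: an empty password behaves
               exactly like no password at all (open console).
    """
    if state == "unset":
        return True   # documented: leaving the key commented out means no password
    if state == "set":
        return False  # a real password is required
    return not qemu_rejects_empty_password  # state == "empty"


def audit_qemu_conf(conf_text, qemu_rejects_empty_password=True):
    """Summarise the VNC password posture of one qemu.conf body."""
    state = vnc_password_state(conf_text)
    return {
        "vnc_password": state,
        "open_console": vnc_access_without_password(state, qemu_rejects_empty_password),
    }


if __name__ == "__main__":
    # Usage: python audit.py [/path/to/qemu.conf]; without an argument the
    # constructed samples are audited under both QEMU behaviours.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"commented": CONF_COMMENTED, "empty": CONF_EMPTY, "set": CONF_SET}
    for name, text in samples.items():
        for rejects in (True, False):
            result = audit_qemu_conf(text, qemu_rejects_empty_password=rejects)
            print(f"{name}: qemu_rejects_empty_password={rejects} -> {result}")
```

The useful property of the check is the 'empty' row: with the documented semantics it reports a closed console, with the observed pre-fix behaviour an open one, which is exactly the gap the report describes. An administrator auditing a host therefore needs the QEMU version alongside the configuration, since the configuration file alone cannot tell the two outcomes apart.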