Empty password allows access to VNC in libvirt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Fix Released
|
Undecided
|
Unassigned | ||
libvirt |
Invalid
|
Medium
|
|||
qemu-kvm |
Fix Released
|
Medium
|
|||
libvirt (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Karmic |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
Undecided
|
Unassigned | ||
qemu-kvm (Debian) |
Fix Released
|
Unknown
|
|||
qemu-kvm (Ubuntu) |
Fix Released
|
Medium
|
Dustin Kirkland | ||
Karmic |
Fix Released
|
Medium
|
Kees Cook | ||
Lucid |
Fix Released
|
Medium
|
Kees Cook | ||
Maverick |
Fix Released
|
Medium
|
Kees Cook | ||
Natty |
Fix Released
|
Medium
|
Dustin Kirkland |
Bug Description
The help in the /etc/libvirt/
"To allow access without passwords, leave this commented out. An empty
string will still enable passwords, but be rejected by QEMU
effectively preventing any use of VNC."
yet setting:
vnc_password=""
allows access to the vnc console without any password prompt just as if it is hashed out completely.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: libvirt-bin 0.8.3-1ubuntu14
ProcVersionSign
Uname: Linux 2.6.35-24-server x86_64
Architecture: amd64
Date: Tue Jan 4 12:18:35 2011
InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.2)
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: libvirt
Related branches
- Dustin Kirkland : Approve
-
Diff: 109 lines (+72/-1)5 files modifieddebian/changelog (+19/-0)
debian/control (+1/-1)
debian/patches/697197-fix-vnc-password-semantics.patch (+17/-0)
debian/patches/caps-lock-key-up-event.patch (+33/-0)
debian/patches/series (+2/-0)
CVE References
Changed in libvirt (Ubuntu): | |
assignee: | nobody → Serge Hallyn (serge-hallyn) |
security vulnerability: | no → yes |
Changed in qemu: | |
status: | New → Confirmed |
Changed in qemu-kvm (Ubuntu): | |
assignee: | nobody → Dustin Kirkland (kirkland) |
importance: | Undecided → Medium |
status: | Confirmed → In Progress |
Changed in libvirt (Ubuntu Maverick): | |
status: | New → Invalid |
Changed in libvirt (Ubuntu Natty): | |
assignee: | Serge Hallyn (serge-hallyn) → nobody |
importance: | High → Undecided |
Changed in qemu-kvm (Ubuntu Maverick): | |
milestone: | maverick-updates → none |
Changed in libvirt (Ubuntu Lucid): | |
status: | New → Invalid |
Changed in qemu-kvm (Ubuntu Maverick): | |
assignee: | Ubuntu Security Team (ubuntu-security) → Kees Cook (kees) |
Changed in qemu-kvm (Ubuntu Lucid): | |
assignee: | Ubuntu Security Team (ubuntu-security) → Kees Cook (kees) |
Changed in qemu-kvm (Ubuntu Karmic): | |
assignee: | nobody → Kees Cook (kees) |
importance: | Undecided → Medium |
Changed in qemu-kvm (Ubuntu Lucid): | |
status: | In Progress → Fix Committed |
Changed in qemu-kvm (Ubuntu Maverick): | |
status: | In Progress → Fix Committed |
Changed in qemu-kvm (Ubuntu Karmic): | |
status: | In Progress → Fix Committed |
Changed in qemu-kvm (Debian): | |
status: | Unknown → New |
Changed in qemu-kvm (Debian): | |
status: | New → Fix Released |
Changed in qemu: | |
status: | Confirmed → Fix Released |
Changed in libvirt: | |
importance: | Unknown → Medium |
status: | Unknown → Invalid |
Changed in qemu-kvm: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
Description of problem:
The help for 'vnc_password' in qemu.conf states "An empty string will still enable passwords, but be rejected by QEMU effectively preventing any use of VNC.".
Yet if you set vnc_password="" then you can access the VNC console without any password prompt at all - just as you can if the entry is hashed out.
Version-Release number of selected component (if applicable):
libvirtd (libvirt) 0.8.3
How reproducible:
Every time by configuration
Steps to Reproduce: qemu.conf
1. Create a VNC console without a password.
2. Set vnc_password="" in /etc/libvirt/
3. Start up a guest and access the VNC console with a client.
Actual results:
You get straight into the console with no prompts.
Expected results:
Should have come up with a prompt and rejected the access. Or the instructions in the qemu.conf file need changing to take account of the current behaviour.
Additional info: