Bug 209335 - HVM vnc config leaves world-accessible VNC port open with no password
HVM vnc config leaves world-accessible VNC port open with no password
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xen (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Berrange
: Security
Depends On: 203196
  Show dependency treegraph
Reported: 2006-10-04 13:58 EDT by Stephen Tweedie
Modified: 2007-11-30 17:07 EST (History)
4 users (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-28 16:27:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 2 RHEL Product and Program Management 2006-10-04 14:33:53 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux release.  Product Management has requested further review
of this request by Red Hat Engineering.  This request is not yet committed for
inclusion in release.
Comment 3 Jay Turner 2006-10-10 16:01:11 EDT
QE ack for RHEL5.
Comment 8 Daniel Berrange 2006-10-19 12:25:38 EDT
The neccessary patches for VNC password support for FV & PV have been committed
to CVS & built into xen-3.0.3-2.el5
Comment 9 Daniel Berrange 2006-10-23 11:47:16 EDT
A further build 3.0.3-3.el5 resolves the final part of this which is to make the
/etc/xen directory  readable only by root (moe 0700) to protect the plaintext
VNC passwords from unprivileged users.

Note You need to log in before you can comment on or make changes to this bug.