Bug 668589 - (CVE-2011-0011) CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
: Security
Depends On: 667976 668598 680886
Reported: 2011-01-10 15:45 EST by Petr Matousek
Modified: 2015-07-29 09:39 EDT
Doc Type: Bug Fix
Last Closed: 2015-07-29 09:39:46 EDT

Attachments
Fix to vnc password semantics (487 bytes, patch)
2011-01-28 13:02 EST, Neil Wilson

Description Petr Matousek 2011-01-10 15:45:01 EST
Description of problem:
The semantics of the ',password' option to -vnc are that it enables the VNC auth scheme. If the VNC server password is unset or an empty string, all attempts to authenticate with the server will be explicitly blocked.

This allows applications to enable and selectively allow access for a period of time, before clearing the password again to prevent further access.

Upstream changes have introduced a flaw by disabling all authentication when the password was cleared with upstream commit [1].

[1] http://www.qemu.com/qemu.git/commit/?id=52c18be9e99dabe295321153fda7fce9f76647ac
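
A simplified model of the semantics described above, added here as an illustration and not taken from QEMU or from the attached patch. All type and function names are hypothetical, and a plain string compare stands in for the VNC challenge-response exchange. It contrasts the flawed behaviour (clearing the password drops authentication) with the intended one (clearing it blocks every client).

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not QEMU source; every name here is hypothetical. */
enum auth_scheme { AUTH_NONE, AUTH_VNC };
struct vnc_model { enum auth_scheme auth; char *password; /* NULL = unset */ };

/* Intended semantics: NULL or "" clears the password, the scheme stays on. */
static int set_password_intended(struct vnc_model *m, const char *pw) {
    free(m->password);
    m->password = NULL;
    if (pw && pw[0]) {
        size_t n = strlen(pw) + 1;
        if (!(m->password = malloc(n))) return -1;
        memcpy(m->password, pw, n);
    }
    return 0;
}

/* Flawed semantics from the report: clearing also drops the auth scheme. */
static int set_password_flawed(struct vnc_model *m, const char *pw) {
    if (set_password_intended(m, pw) < 0) return -1;
    if (!m->password) m->auth = AUTH_NONE;
    return 0;
}

/* Would a client presenting `attempt` be let in? */
static bool client_admitted(const struct vnc_model *m, const char *attempt) {
    if (m->auth == AUTH_NONE) return true;  /* no authentication at all */
    if (!m->password) return false;         /* nothing set: block everyone */
    return attempt && strcmp(m->password, attempt) == 0;
}

/* Scenario: allow access with a password, clear it, then try to connect. */
static bool admitted_after_clear(int (*set_pw)(struct vnc_model *, const char *)) {
    struct vnc_model m = { AUTH_VNC, NULL }; /* as if started with ",password" */
    bool ok = set_pw(&m, "constructed-pw") == 0 && client_admitted(&m, "constructed-pw");
    bool in = set_pw(&m, "") == 0 && client_admitted(&m, "");
    free(m.password);
    return ok && in;
}

int main(void) {
    printf("admitted after clear: flawed=%d intended=%d\n",
           admitted_after_clear(set_password_flawed),
           admitted_after_clear(set_password_intended));
    return 0;
}
```
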
Comment 4 Neil Wilson 2011-01-28 13:02:42 EST
Created attachment 475841 [details]
Fix to vnc password semantics

This patch corrects the flaw in qemu-kvm.

Please see http://launchpad.net/bugs/697197 for testing performed.
Comment 5 Petr Matousek 2011-02-28 06:09:05 EST
Created qemu tracking bugs for this issue

Affects: fedora-all [bug 680886]
Comment 6 errata-xmlrpc 2011-03-10 15:11:32 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0345 https://rhn.redhat.com/errata/RHSA-2011-0345.html
Comment 7 Petr Matousek 2012-03-30 13:33:58 EDT

This issue does not affect versions of the kvm package as shipped with Red Hat Enterprise Linux 5.
