Bug 668589 (CVE-2011-0011) - CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication
Summary: CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disable...
Status: CLOSED ERRATA
Alias: CVE-2011-0011
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20110107,reported=20110107,sou...
Keywords: Security
Depends On: 667976 668598 680886
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-10 20:45 UTC by Petr Matousek
Modified: 2019-06-08 18:42 UTC (History)
7 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2015-07-29 13:39:46 UTC


Attachments (Terms of Use)
Fix to vnc password semantics (487 bytes, patch)
2011-01-28 18:02 UTC, Neil Wilson
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0345 normal SHIPPED_LIVE Moderate: qemu-kvm security update 2011-03-10 20:11:26 UTC

Description Petr Matousek 2011-01-10 20:45:01 UTC
Description of problem:
The semantics of the ',password' option to -vnc are that it enables the VNC auth scheme. If the VNC server password is unset or empty string, all attempts to authenticate with the server will be explicitly blocked.

This allows applications to enable and selectively allow access for a period of time, before clearing the password again to prevent further access.

Upstream changes have introduced a flaw by disabling all authentication when the password was cleared with upstream commit [1].

[1] http://www.qemu.com/qemu.git/commit/?id=52c18be9e99dabe295321153fda7fce9f76647ac

Comment 4 Neil Wilson 2011-01-28 18:02:42 UTC
Created attachment 475841 [details]
Fix to vnc password semantics

This patch corrects the flaw in qemu-kvm

Please see http://launchpad.net/bugs/697197 for testing performed.

Comment 5 Petr Matousek 2011-02-28 11:09:05 UTC
Created qemu tracking bugs for this issue

Affects: fedora-all [bug 680886]

Comment 6 errata-xmlrpc 2011-03-10 20:11:32 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0345 https://rhn.redhat.com/errata/RHSA-2011-0345.html

Comment 7 Petr Matousek 2012-03-30 17:33:58 UTC
Statement:

This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5.


Note You need to log in before you can comment on or make changes to this bug.