668589 – (CVE-2011-0011) CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

Bug 668589 (CVE-2011-0011) - CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication

Summary: CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disable...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2011-0011
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	667976 668598 680886
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-10 20:45 UTC by Petr Matousek
Modified:	2021-02-24 16:46 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-07-29 13:39:46 UTC
Embargoed:

Attachments	(Terms of Use)
Fix to vnc password semantics (487 bytes, patch) 2011-01-28 18:02 UTC, Neil Wilson	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:0345	0	normal	SHIPPED_LIVE	Moderate: qemu-kvm security update	2011-03-10 20:11:26 UTC

Description Petr Matousek 2011-01-10 20:45:01 UTC

Description of problem:
The semantics of the ',password' option to -vnc are that it enables the VNC auth scheme. If the VNC server password is unset or empty string, all attempts to authenticate with the server will be explicitly blocked.

This allows applications to enable and selectively allow access for a period of time, before clearing the password again to prevent further access.

Upstream changes have introduced a flaw by disabling all authentication when the password was cleared with upstream commit [1].

[1] http://www.qemu.com/qemu.git/commit/?id=52c18be9e99dabe295321153fda7fce9f76647ac

Comment 4 Neil Wilson 2011-01-28 18:02:42 UTC

Created attachment 475841 [details]
Fix to vnc password semantics

This patch corrects the flaw in qemu-kvm

Please see http://launchpad.net/bugs/697197 for testing performed.

Comment 5 Petr Matousek 2011-02-28 11:09:05 UTC

Created qemu tracking bugs for this issue

Affects: fedora-all [bug 680886]

Comment 6 errata-xmlrpc 2011-03-10 20:11:32 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0345 https://rhn.redhat.com/errata/RHSA-2011-0345.html

Comment 7 Petr Matousek 2012-03-30 17:33:58 UTC

Statement:

This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5.

Note You need to log in before you can comment on or make changes to this bug.