Bug 668589 (CVE-2011-0011) - CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication
Alias: CVE-2011-0011
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 667976 668598 680886
Reported: 2011-01-10 20:45 UTC by Petr Matousek
Modified: 2021-02-24 16:46 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-07-29 13:39:46 UTC

Attachments
Fix to vnc password semantics (487 bytes, patch)
2011-01-28 18:02 UTC, Neil Wilson

System: Red Hat Product Errata
ID: RHSA-2011:0345
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: qemu-kvm security update
Last Updated: 2011-03-10 20:11:26 UTC

Description Petr Matousek 2011-01-10 20:45:01 UTC
Description of problem:
The semantics of the ',password' option to -vnc are that it enables the VNC auth scheme. If the VNC server password is unset or an empty string, all attempts to authenticate with the server will be explicitly blocked.

This allows applications to enable and selectively allow access for a period of time, before clearing the password again to prevent further access.

Upstream changes have introduced a flaw by disabling all authentication when the password was cleared with upstream commit [1].

[1] http://www.qemu.com/qemu.git/commit/?id=52c18be9e99dabe295321153fda7fce9f76647ac
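
The difference between the intended and the flawed semantics described above, as an added example that is not part of the original report and is not QEMU's code. It is a simplified model: every name in it is hypothetical, the password is a constructed sample value, and a plain string comparison stands in for the VNC challenge-response.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the semantics in the report; all names are hypothetical. */
enum auth_mode { AUTH_NONE, AUTH_VNC };
struct vnc_model {
    enum auth_mode auth;   /* scheme offered to connecting clients */
    int has_password;      /* 0 = unset or cleared */
    char password[64];
};
typedef void (*set_pw_fn)(struct vnc_model *, const char *);

static void store(struct vnc_model *d, const char *pw) {
    d->has_password = (pw != NULL && pw[0] != '\0');
    snprintf(d->password, sizeof d->password, "%s", d->has_password ? pw : "");
}

/* Flawed: clearing the password also switches authentication off. */
static void set_password_flawed(struct vnc_model *d, const char *pw) {
    store(d, pw);
    d->auth = d->has_password ? AUTH_VNC : AUTH_NONE;
}

/* Intended: the scheme chosen at startup is never changed here. */
static void set_password_intended(struct vnc_model *d, const char *pw) {
    store(d, pw);
}

/* Returns 1 if the client is admitted, 0 if it is rejected. */
static int client_admitted(const struct vnc_model *d, const char *attempt) {
    if (d->auth == AUTH_NONE) return 1;   /* no credentials asked for */
    if (!d->has_password) return 0;       /* locked: reject everyone */
    return attempt != NULL && strcmp(attempt, d->password) == 0;
}

/* Open an access window, close it again, then let a client connect. */
static int admitted_after_clear(set_pw_fn set_pw) {
    struct vnc_model d = { AUTH_VNC, 0, "" };   /* started with ",password" */
    set_pw(&d, "window-pw");                    /* constructed sample value */
    set_pw(&d, "");                             /* management layer clears it */
    return client_admitted(&d, "");
}

int main(void) {
    printf("admitted after clear: flawed=%d intended=%d\n",
           admitted_after_clear(set_password_flawed), admitted_after_clear(set_password_intended));
    return 0;
}
```

A management layer can check for the regression the same way: after clearing the password, a connection attempt must still be refused.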

Comment 4 Neil Wilson 2011-01-28 18:02:42 UTC
Created attachment 475841
Fix to vnc password semantics

This patch corrects the flaw in qemu-kvm.

Please see http://launchpad.net/bugs/697197 for testing performed.

Comment 5 Petr Matousek 2011-02-28 11:09:05 UTC
Created qemu tracking bugs for this issue

Affects: fedora-all [bug 680886]

Comment 6 errata-xmlrpc 2011-03-10 20:11:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0345 https://rhn.redhat.com/errata/RHSA-2011-0345.html

Comment 7 Petr Matousek 2012-03-30 17:33:58 UTC
This issue does not affect versions of the kvm package as shipped with Red Hat Enterprise Linux 5.
