Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5714

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-5714
Last Modified 16 May 2009 01:26:32
Published 24 Dec 2008 01:29:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5714

Summary

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

Vulnerable Systems

Application

  • Qemu 0.9.1


References

XF - qemu-monitor-weak-security(47683)

UBUNTU - USN-776-1

BID - 33020

CONFIRM - http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966

CONFIRM - http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966

SECUNIA - 35062

SECUNIA - 34642

SECUNIA - 33568

SUSE - SUSE-SR:2009:008

SUSE - SUSE-SR:2009:002

MLIST - [qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars

MLIST - [qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars


Last Updated: 27 May 2016 10:48:54