ID CVE-2008-5714
Summary Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References
Vulnerable Configurations
  • QEMU 0.9.1
    cpe:2.3:a:qemu:qemu:0.9.1
CVSS
Base: 7.8 (as of 25-12-2008 - 15:56)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: NONE
  Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_QEMU-090325.NASL
    description qemu update to version 0.10.1 fixes the following security issues:
      - CVE-2008-0928: problems with range checks of block devices
      - CVE-2008-1945: problems with removable media handling
      - CVE-2008-2382: vnc server DoS
      - CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation
      - CVE-2008-5714: off by one error in vnc password handling
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40118
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40118
    title openSUSE Security Update : qemu (qemu-691)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1907.NASL
    description Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2008-5714: Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7 characters. This flaw might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
      - CVE-2009-3290: It was discovered that the kvm_emulate_hypercall function in KVM does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory.
    The oldstable distribution (etch) does not contain kvm.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44772
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44772
    title Debian DSA-1907-1 : kvm - several vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-776-1.NASL
    description Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004)
    Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. (CVE-2008-2382)
    Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. (CVE-2008-4539)
    It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. (CVE-2008-5714)
    Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38759
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38759
    title Ubuntu 8.04 LTS / 8.10 : kvm vulnerabilities (USN-776-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_KVM-090112.NASL
    description Rogue VNC clients could make the built-in VNC server of kvm run into an infinite loop (CVE-2008-2382).
    An off-by-one bug limited the length of VNC passwords to seven instead of eight (CVE-2008-5714).
    Virtualized guests could potentially execute code on the host by triggering a buffer overflow in the network emulation code via large ethernet frames (CVE-2007-5729).
    Virtualized guests could potentially execute code on the host by triggering a heap-based buffer overflow in the Cirrus Graphics card emulation (CVE-2007-1320).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40019
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40019
    title openSUSE Security Update : kvm (kvm-412)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KVM-090112.NASL
    description Rogue VNC clients could make the built-in VNC server of kvm run into an infinite loop (CVE-2008-2382).
    An off-by-one bug limited the length of VNC passwords to seven instead of eight (CVE-2008-5714).
    Virtualized guests could potentially execute code on the host by triggering a buffer overflow in the network emulation code via large ethernet frames (CVE-2007-5729).
    Virtualized guests could potentially execute code on the host by triggering a heap-based buffer overflow in the Cirrus Graphics card emulation (CVE-2007-1320).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40254
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40254
    title openSUSE Security Update : kvm (kvm-412)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-008.NASL
    description Security vulnerabilities have been discovered and corrected in VNC server of qemu version 0.9.1 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 36993
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36993
    title Mandriva Linux Security Advisory : qemu (MDVSA-2009:008)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-009.NASL
    description Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 36990
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36990
    title Mandriva Linux Security Advisory : kvm (MDVSA-2009:009)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_QEMU-090325.NASL
    description qemu update to version 0.10.1 fixes the following security issues:
      - CVE-2008-0928: problems with range checks of block devices
      - CVE-2008-1945: problems with removable media handling
      - CVE-2008-2382: vnc server DoS
      - CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation
      - CVE-2008-5714: off by one error in vnc password handling
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40302
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40302
    title openSUSE Security Update : qemu (qemu-691)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_QEMU-6123.NASL
    description qemu update to version 0.10.1 fixes the following security issues:
      - CVE-2008-0928: problems with range checks of block devices
      - CVE-2008-1945: problems with removable media handling
      - CVE-2008-2382: vnc server DoS
      - CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation
      - CVE-2008-5714: off by one error in vnc password handling
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 36082
    published 2009-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36082
    title openSUSE 10 Security Update : qemu (qemu-6123)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-776-2.NASL
    description USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience.
    Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004)
    Alfredo Ortega discovered that KVM's VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. (CVE-2008-2382)
    Jan Niehusmann discovered that KVM's Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. (CVE-2008-4539)
    It was discovered that KVM's VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service. (CVE-2008-5714)
    Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38777
    published 2009-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38777
    title Ubuntu 8.04 LTS : kvm regression (USN-776-2)
refmap via4
bid 33020
confirm
mlist
  • [qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars
  • [qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars
secunia
  • 33568
  • 34642
  • 35062
suse
  • SUSE-SR:2009:002
  • SUSE-SR:2009:008
ubuntu USN-776-1
xf qemu-monitor-weak-security(47683)
statements via4
contributor Joshua Bressers
lastmodified 2009-02-26
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.
Last major update 16-05-2009 - 01:26
Published 24-12-2008 - 13:29
Last modified 07-08-2017 - 21:33