ID CVE-2008-5714
Summary Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:N/A:N
refmap via4
bid 33020
confirm
mlist
  • [qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars
  • [qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars
secunia
  • 33568
  • 34642
  • 35062
suse
  • SUSE-SR:2009:002
  • SUSE-SR:2009:008
ubuntu USN-776-1
xf qemu-monitor-weak-security(47683)
statements via4
contributor Joshua Bressers
lastmodified 2009-02-26
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.
Last major update 08-08-2017 - 01:33
Published 24-12-2008 - 18:29