#VU43973 Improper Authentication in QEMU


Updated: 2020-08-11

Vulnerability identifier: #VU43973

Vulnerability risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-0011

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
QEMU
Client/Desktop applications / Virtualization software

Vendor: QEMU

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

QEMU: 0.1 - 0.11.0


External links
http://rhn.redhat.com/errata/RHSA-2011-0345.html
http://secunia.com/advisories/42830
http://secunia.com/advisories/43272
http://secunia.com/advisories/43733
http://secunia.com/advisories/44393
http://ubuntu.com/usn/usn-1063-1
http://www.openwall.com/lists/oss-security/2011/01/10/3
http://www.openwall.com/lists/oss-security/2011/01/11/1
http://www.openwall.com/lists/oss-security/2011/01/12/2
http://www.osvdb.org/70992
http://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197
http://exchange.xforce.ibmcloud.com/vulnerabilities/65215


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

