CVE-2011-0011 - OpenCVE

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::rc2::::::*
	cpe:2.3:a:qemu:qemu:0.1.0:::::::*
	cpe:2.3:a:qemu:qemu:0.1.1:::::::*
	cpe:2.3:a:qemu:qemu:0.1.2:::::::*
	cpe:2.3:a:qemu:qemu:0.1.3:::::::*
	cpe:2.3:a:qemu:qemu:0.1.4:::::::*
	cpe:2.3:a:qemu:qemu:0.1.5:::::::*
	cpe:2.3:a:qemu:qemu:0.1.6:::::::*
	cpe:2.3:a:qemu:qemu:0.10.0:::::::*
	cpe:2.3:a:qemu:qemu:0.10.1:::::::*
	cpe:2.3:a:qemu:qemu:0.10.2:::::::*
	cpe:2.3:a:qemu:qemu:0.10.3:::::::*
	cpe:2.3:a:qemu:qemu:0.10.4:::::::*
	cpe:2.3:a:qemu:qemu:0.10.5:::::::*
	cpe:2.3:a:qemu:qemu:0.10.6:::::::*
	cpe:2.3:a:qemu:qemu:0.11.0:rc0::::::
	cpe:2.3:a:qemu:qemu:0.11.0:rc1::::::

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2011-0345.html
http://secunia.com/advisories/42830	Vendor Advisory
http://secunia.com/advisories/43272	Vendor Advisory
http://secunia.com/advisories/43733	Vendor Advisory
http://secunia.com/advisories/44393	Vendor Advisory
http://ubuntu.com/usn/usn-1063-1
http://www.openwall.com/lists/oss-security/2011/01/10/3
http://www.openwall.com/lists/oss-security/2011/01/11/1
http://www.openwall.com/lists/oss-security/2011/01/12/2
http://www.osvdb.org/70992
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197
https://exchange.xforce.ibmcloud.com/vulnerabilities/65215

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-21T15:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2010-12-07T00:00:00

Link: CVE-2011-0011

JSON object: View

NVD Information

Status : Modified

Published: 2012-06-21T15:55:05.863

Modified: 2020-11-02T14:39:07.490

Link: CVE-2011-0011

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "43733", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43733"}, {"name": "[oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/11/1"}, {"name": "[oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/12/2"}, {"name": "44393", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44393"}, {"name": "[oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/10/3"}, {"name": "RHSA-2011:0345", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2011-0345.html"}, {"name": "70992", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/70992"}, {"name": "qemu-vnc-security-bypass(65215)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65215"}, {"name": "42830", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42830"}, {"name": "USN-1063-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-1063-1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197"}, {"name": "43272", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43272"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0011", "datePublished": "2012-06-21T15:00:00", "dateReserved": "2010-12-07T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:*:rc2:*:*:*:*:*:*", "matchCriteriaId": "A1EA58FE-B700-4425-AA26-0E3B9EB06D57", "versionEndIncluding": "0.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC82CD08-F151-489C-9BC4-50C8C9583718", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "75D04344-C6CE-40D5-97ED-42B3DBA1AAD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "71CC4D45-66BE-4C23-B541-DD4604ACC9FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "2E41058D-380C-4098-96FB-53CC158ED420", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BFE12226-C599-45A2-8CFD-32753F94204B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "C06F8832-B32F-4352-B048-A4ADCE85373E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "5278C685-988B-40D7-9AE9-B4FB8AF41C8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "39A6382B-A08C-4D58-B3F9-D74132A74B86", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "7483B9F2-246C-4B78-9EFA-7734B7209054", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "A83436B8-AFC9-4AA2-8414-1F703812718D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "BCA47F54-B59B-45EC-B5D4-DF544E4BE1AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "4786DEA6-6F23-4969-B7E0-C664FCB2284E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA3CABBB-9C1F-4ACD-A2AC-8320348DDA99", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "E0ED046D-26E2-4E01-BAB1-F86249A2E827", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "A4EF80C9-6950-412E-975F-058F20DF9F04", "vulnerable": true}, {"criteria": "cpe:2.3:a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "921698C0-DCE3-4604-8ED3-B327273D6EAD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions."}, {"lang": "es", "value": "qemu-kvm antes de v0.11.0 deshabilita la autenticaci\u00f3n VNC cuando la contrase\u00f1a es eliminada, lo que permite a atacantes remotos eludir la autenticaci\u00f3n y establecer sesiones VNC."}], "id": "CVE-2011-0011", "lastModified": "2020-11-02T14:39:07.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T15:55:05.863", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2011-0345.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42830"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43272"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43733"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44393"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1063-1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/10/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/11/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/12/2"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/70992"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65215"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}