Red Hat Local Security Checks : RedHat Update for qemu-kvm RHSA-2011:0345-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.870706

Categoría: Red Hat Local Security Checks

Título: RedHat Update for qemu-kvm RHSA-2011:0345-01

Resumen: The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'qemu-kvm'
package(s) announced via the referenced advisory.

Vulnerability Insight:
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM. Virtual Network Computing (VNC) is
a remote display system.

A flaw was found in the way the VNC 'password' option was handled. Clearing
a password disabled VNC authentication, allowing a remote user able to
connect to the virtual machines' VNC ports to open a VNC session without
authentication. (CVE-2011-0011)

All users of qemu-kvm should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

Affected Software/OS:
qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
4.3

CVSS Vector:
AV:A/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0011
42830
http://secunia.com/advisories/42830
43272
http://secunia.com/advisories/43272
43733
http://secunia.com/advisories/43733
44393
http://secunia.com/advisories/44393
70992
http://www.osvdb.org/70992
RHSA-2011:0345
http://rhn.redhat.com/errata/RHSA-2011-0345.html
USN-1063-1
http://ubuntu.com/usn/usn-1063-1
[oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication
http://www.openwall.com/lists/oss-security/2011/01/10/3
[oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication
http://www.openwall.com/lists/oss-security/2011/01/11/1
[oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication
http://www.openwall.com/lists/oss-security/2011/01/12/2
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197
qemu-vnc-security-bypass(65215)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65215

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.870706
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for qemu-kvm RHSA-2011:0345-01
Resumen:	The remote host is missing an update for the 'qemu-kvm'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the referenced advisory. Vulnerability Insight: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. Virtual Network Computing (VNC) is a remote display system. A flaw was found in the way the VNC 'password' option was handled. Clearing a password disabled VNC authentication, allowing a remote user able to connect to the virtual machines' VNC ports to open a VNC session without authentication. (CVE-2011-0011) All users of qemu-kvm should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. Affected Software/OS: qemu-kvm on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 4.3 CVSS Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0011 42830 http://secunia.com/advisories/42830 43272 http://secunia.com/advisories/43272 43733 http://secunia.com/advisories/43733 44393 http://secunia.com/advisories/44393 70992 http://www.osvdb.org/70992 RHSA-2011:0345 http://rhn.redhat.com/errata/RHSA-2011-0345.html USN-1063-1 http://ubuntu.com/usn/usn-1063-1 [oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication http://www.openwall.com/lists/oss-security/2011/01/10/3 [oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication http://www.openwall.com/lists/oss-security/2011/01/11/1 [oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication http://www.openwall.com/lists/oss-security/2011/01/12/2 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197 qemu-vnc-security-bypass(65215) https://exchange.xforce.ibmcloud.com/vulnerabilities/65215
Copyright	Copyright (C) 2012 Greenbone AG