Test ID: 1.3.6.1.4.1.25623.1.0.68927
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-1063-1 (qemu-kvm)
Summary: NOSUMMARY

Description:

The remote host is missing an update to qemu-kvm announced via advisory USN-1063-1.

Details follow:

Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.

Solution:

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
  kvm 0.11.0-0ubuntu6.4
  qemu 0.11.0-0ubuntu6.4
  qemu-arm-static 0.11.0-0ubuntu6.4
  qemu-kvm 0.11.0-0ubuntu6.4
  qemu-kvm-extras 0.11.0-0ubuntu6.4

Ubuntu 10.04 LTS:
  kvm 0.12.3+noroms-0ubuntu9.4
  qemu 0.12.3+noroms-0ubuntu9.4
  qemu-arm-static 0.12.3+noroms-0ubuntu9.4
  qemu-common 0.12.3+noroms-0ubuntu9.4
  qemu-kvm 0.12.3+noroms-0ubuntu9.4
  qemu-kvm-extras 0.12.3+noroms-0ubuntu9.4
  qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.4

Ubuntu 10.10:
  kvm 0.12.5+noroms-0ubuntu7.2
  qemu 0.12.5+noroms-0ubuntu7.2
  qemu-arm-static 0.12.5+noroms-0ubuntu7.2
  qemu-kvm 0.12.5+noroms-0ubuntu7.2
  qemu-kvm-extras 0.12.5+noroms-0ubuntu7.2
  qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.2

After a standard system update you need to restart any running QEMU sessions to make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1063-1

Risk factor: High

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2011-0011

  42830: http://secunia.com/advisories/42830
  43272: http://secunia.com/advisories/43272
  43733: http://secunia.com/advisories/43733
  44393: http://secunia.com/advisories/44393
  70992: http://www.osvdb.org/70992
  RHSA-2011:0345: http://rhn.redhat.com/errata/RHSA-2011-0345.html
  USN-1063-1: http://ubuntu.com/usn/usn-1063-1
  [oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication: http://www.openwall.com/lists/oss-security/2011/01/10/3
  [oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication: http://www.openwall.com/lists/oss-security/2011/01/11/1
  [oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication: http://www.openwall.com/lists/oss-security/2011/01/12/2
  https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197
  qemu-vnc-security-bypass(65215): https://exchange.xforce.ibmcloud.com/vulnerabilities/65215

Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com