Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations | |||
---|---|---|---|
Name | CVE-2008-5714 | First vendor Publication | 2008-12-24 |
Vendor | Cve | Last vendor Modification | 2017-08-08 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5714 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13482 | |||
Oval ID: | oval:org.mitre.oval:def:13482 | ||
Title: | USN-776-1 -- kvm vulnerabilities | ||
Description: | Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM�s VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM�s Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM�s VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-776-1 CVE-2008-1945 CVE-2008-2004 CVE-2008-2382 CVE-2008-4539 CVE-2008-5714 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 | Product(s): | kvm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13656 | |||
Oval ID: | oval:org.mitre.oval:def:13656 | ||
Title: | USN-776-2 -- kvm regression | ||
Description: | USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. Alfredo Ortega discovered that KVM�s VNC protocol handler did not correctly validate certain messages. A remote attacker could send specially crafted VNC messages that would cause KVM to consume CPU resources, leading to a denial of service. Jan Niehusmann discovered that KVM�s Cirrus VGA implementation over VNC did not correctly handle certain bitblt operations. A local attacker could exploit this flaw to potentially execute arbitrary code on the VM host or crash KVM, leading to a denial of service. It was discovered that KVM�s VNC password checks did not use the correct length. A remote attacker could exploit this flaw to cause KVM to crash, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-776-2 CVE-2008-1945 CVE-2008-2004 CVE-2008-2382 CVE-2008-4539 CVE-2008-5714 | Version: | 5 |
Platform(s): | Ubuntu 8.04 | Product(s): | kvm |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-19 | Name : Debian Security Advisory DSA 1907-1 (kvm) File : nvt/deb_1907_1.nasl |
2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
2009-05-20 | Name : Ubuntu USN-776-1 (kvm) File : nvt/ubuntu_776_1.nasl |
2009-04-06 | Name : SuSE Security Summary SUSE-SR:2009:008 File : nvt/suse_sr_2009_008.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:008 (qemu) File : nvt/mdksa_2009_008.nasl |
2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:009 (kvm) File : nvt/mdksa_2009_009.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:002 File : nvt/suse_sr_2009_002.nasl |
2009-01-20 | Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51033 | Qemu monitor.c Off-by-one VNC Password Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1907.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kvm-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_qemu-090325.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kvm-090112.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_qemu-090325.nasl - Type : ACT_GATHER_INFO |
2009-05-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-2.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-776-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-008.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-009.nasl - Type : ACT_GATHER_INFO |
2009-04-03 | Name : The remote openSUSE host is missing a security update. File : suse_qemu-6123.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:08:35 |
|
2021-04-22 01:08:57 |
|
2020-05-23 00:22:47 |
|
2017-08-08 09:24:35 |
|
2016-04-26 18:10:23 |
|
2014-02-17 10:47:47 |
|
2013-05-11 00:33:36 |
|