Executive Summary

Summary
Title: QEMU vulnerability

Information
Name: USN-1063-1
First vendor Publication: 2011-02-14
Vendor: Ubuntu
Last vendor Modification: 2011-02-14
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:A/AC:H/Au:N/C:P/I:P/A:P)
CVSS Base Score: 4.3
CVSS Impact Score: 6.4
CVSS Exploit Score: 3.2
Attack Range: Adjacent network
Attack Complexity: High
Authentication: None Required

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
kvm 0.11.0-0ubuntu6.4
qemu 0.11.0-0ubuntu6.4
qemu-arm-static 0.11.0-0ubuntu6.4
qemu-kvm 0.11.0-0ubuntu6.4
qemu-kvm-extras 0.11.0-0ubuntu6.4

Ubuntu 10.04 LTS:
kvm 0.12.3+noroms-0ubuntu9.4
qemu 0.12.3+noroms-0ubuntu9.4
qemu-arm-static 0.12.3+noroms-0ubuntu9.4
qemu-common 0.12.3+noroms-0ubuntu9.4
qemu-kvm 0.12.3+noroms-0ubuntu9.4
qemu-kvm-extras 0.12.3+noroms-0ubuntu9.4
qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.4

Ubuntu 10.10:
kvm 0.12.5+noroms-0ubuntu7.2
qemu 0.12.5+noroms-0ubuntu7.2
qemu-arm-static 0.12.5+noroms-0ubuntu7.2
qemu-kvm 0.12.5+noroms-0ubuntu7.2
qemu-kvm-extras 0.12.5+noroms-0ubuntu7.2
qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.2

After a standard system update you need to restart any running QEMU sessions to make all the necessary changes.
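
An added example, not part of the advisory or of Ubuntu's tooling: it checks a host's installed package versions against the fixed versions listed above. The names FIXED, compare_versions, unpatched and SAMPLE are illustrative, the version ordering re-implements dpkg's comparison rules, and the sample inventory is constructed.

```python
import re

# Release -> (fixed version, affected packages), copied from the advisory text.
FIXED = {
    "9.10": ("0.11.0-0ubuntu6.4",
             "kvm qemu qemu-arm-static qemu-kvm qemu-kvm-extras"),
    "10.04": ("0.12.3+noroms-0ubuntu9.4",
              "kvm qemu qemu-arm-static qemu-common qemu-kvm qemu-kvm-extras "
              "qemu-kvm-extras-static"),
    "10.10": ("0.12.5+noroms-0ubuntu7.2",
              "kvm qemu qemu-arm-static qemu-kvm qemu-kvm-extras "
              "qemu-kvm-extras-static"),
}

def _order(ch):
    """dpkg character order: '~' < end of string < letters < everything else."""
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare an upstream or revision string: alternate text and number runs."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            diff = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if diff:
                return diff
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)   # numeric, so 9.10 > 9.4
    return 0

def compare_versions(a, b):
    """Negative if a < b, zero if equal, positive if a > b (Debian ordering)."""
    parts = []
    for v in (a, b):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        parts.append((int(epoch), upstream, rev) if sep else (int(epoch), rest, ""))
    (ea, ua, ra), (eb, ub, rb) = parts
    return (ea - eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(release, installed):
    """Affected packages in `installed` (name -> version) older than the fix."""
    fixed, names = FIXED[release]
    return sorted(p for p in names.split()
                  if p in installed and compare_versions(installed[p], fixed) < 0)

# Constructed inventory (not from a real host).
SAMPLE = {"qemu-kvm": "0.12.3+noroms-0ubuntu9.3",
          "qemu-common": "0.12.3+noroms-0ubuntu9.10", "bash": "4.1-2ubuntu3"}
```

On a real host the inventory can be built from the output of dpkg-query -W -f='${Package} ${Version}\n', and dpkg --compare-versions remains the authoritative comparison.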

Details follow:

Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.

Original Source

Url : http://www.ubuntu.com/usn/USN-1063-1

CWE : Common Weakness Enumeration

CWE-287: Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21887
Oval ID: oval:org.mitre.oval:def:21887
Title: RHSA-2011:0345: qemu-kvm security update (Moderate)
Description: qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Family: unix
Class: patch
Reference(s): RHSA-2011:0345-01, CVE-2011-0011
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): qemu-kvm
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:13486
Oval ID: oval:org.mitre.oval:def:13486
Title: USN-1063-1 -- qemu-kvm vulnerability
Description: Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.
Family: unix
Class: patch
Reference(s): USN-1063-1, CVE-2011-0011
Version: 5
Platform(s): Ubuntu 10.10, Ubuntu 9.10, Ubuntu 10.04
Product(s): qemu-kvm
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:22978
Oval ID: oval:org.mitre.oval:def:22978
Title: ELSA-2011:0345: qemu-kvm security update (Moderate)
Description: qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Family: unix
Class: patch
Reference(s): ELSA-2011:0345-01, CVE-2011-0011
Version: 6
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Count: 17

OpenVAS Exploits

Date: 2012-06-06
Name: RedHat Update for qemu-kvm RHSA-2011:0345-01
File: nvt/gb_RHSA-2011_0345-01_qemu-kvm.nasl

Date: 2011-05-12
Name: Debian Security Advisory DSA 2230-1 (qemu-kvm)
File: nvt/deb_2230_1.nasl

Date: 2011-02-16
Name: Ubuntu Update for qemu-kvm vulnerability USN-1063-1
File: nvt/gb_ubuntu_USN_1063_1.nasl

Open Source Vulnerability Database (OSVDB)

70992: QEMU Empty VNC Password Authentication Bypass

Nessus® Vulnerability Scanner

Date: 2013-07-12
Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0345.nasl - Type: ACT_GATHER_INFO

Date: 2013-01-24
Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0345.nasl - Type: ACT_GATHER_INFO

Date: 2012-08-01
Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110310_qemu_kvm_on_SL6_x.nasl - Type: ACT_GATHER_INFO

Date: 2011-05-02
Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2230.nasl - Type: ACT_GATHER_INFO

Date: 2011-02-15
Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1063-1.nasl - Type: ACT_GATHER_INFO

Alert History

Date: 2014-02-17 11:58:17
Information: Multiple Updates