Executive Summary

Summary
Title: QEMU vulnerability
Information
Name: USN-1063-1
First vendor Publication: 2011-02-14
Vendor: Ubuntu
Last vendor Modification: 2011-02-14
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:A/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score: 4.3
Cvss Impact Score: 6.4
Cvss Exploit Score: 3.2
Attack Range: Adjacent network
Attack Complexity: High
Authentication: None Required

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
kvm 0.11.0-0ubuntu6.4
qemu 0.11.0-0ubuntu6.4
qemu-arm-static 0.11.0-0ubuntu6.4
qemu-kvm 0.11.0-0ubuntu6.4
qemu-kvm-extras 0.11.0-0ubuntu6.4

Ubuntu 10.04 LTS:
kvm 0.12.3+noroms-0ubuntu9.4
qemu 0.12.3+noroms-0ubuntu9.4
qemu-arm-static 0.12.3+noroms-0ubuntu9.4
qemu-common 0.12.3+noroms-0ubuntu9.4
qemu-kvm 0.12.3+noroms-0ubuntu9.4
qemu-kvm-extras 0.12.3+noroms-0ubuntu9.4
qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.4

Ubuntu 10.10:
kvm 0.12.5+noroms-0ubuntu7.2
qemu 0.12.5+noroms-0ubuntu7.2
qemu-arm-static 0.12.5+noroms-0ubuntu7.2
qemu-kvm 0.12.5+noroms-0ubuntu7.2
qemu-kvm-extras 0.12.5+noroms-0ubuntu7.2
qemu-kvm-extras-static 0.12.5+noroms-0ubuntu7.2

After a standard system update you need to restart any running QEMU sessions to make all the necessary changes.

Details follow:

Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.

Original Source

Url : http://www.ubuntu.com/usn/USN-1063-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-287 Improper Authentication

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13486
 
Oval ID: oval:org.mitre.oval:def:13486
Title: USN-1063-1 -- qemu-kvm vulnerability
Description: Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.
Family: unix Class: patch
Reference(s): USN-1063-1
CVE-2011-0011
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21887
 
Oval ID: oval:org.mitre.oval:def:21887
Title: RHSA-2011:0345: qemu-kvm security update (Moderate)
Description: qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Family: unix Class: patch
Reference(s): RHSA-2011:0345-01
CVE-2011-0011
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22978
 
Oval ID: oval:org.mitre.oval:def:22978
Title: ELSA-2011:0345: qemu-kvm security update (Moderate)
Description: qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Family: unix Class: patch
Reference(s): ELSA-2011:0345-01
CVE-2011-0011
Version: 6
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27339
 
Oval ID: oval:org.mitre.oval:def:27339
Title: DEPRECATED: ELSA-2011-0345 -- qemu-kvm security update (moderate)
Description:
[qemu-kvm-0.12.1.2-2.113.el6_0.8]
- kvm-Revert-blockdev-Fix-drive_del-not-to-crash-when-driv.patch [bz#677170]
- kvm-Revert-blockdev-check-dinfo-ptr-before-using-v2.patch [bz#677170]
- kvm-Revert-Implement-drive_del-to-decouple-block-removal.patch [bz#677170]
- kvm-Revert-block-Catch-attempt-to-attach-multiple-device.patch [bz#677170]
- kvm-Revert-qdev-Decouple-qdev_prop_drive-from-DriveInfo-.patch [bz#677170]
- kvm-Revert-blockdev-Clean-up-automatic-drive-deletion-v2.patch [bz#677170]
- kvm-Revert-blockdev-New-drive_get_by_blockdev-v2.patch [bz#677170]
- kvm-Revert-qdev-Don-t-leak-string-property-value-on-hot-.patch [bz#677170]
- kvm-Revert-ide-Split-non-qdev-code-off-ide_init2.patch [bz#677170]
- kvm-Revert-ide-Change-ide_init_drive-to-require-valid-di.patch [bz#677170]
- kvm-Revert-ide-Split-ide_init1-off-ide_init2-v2.patch [bz#677170]
- kvm-Revert-ide-Remove-redundant-IDEState-member-conf.patch [bz#677170]
- Related: bz#677170 (drive_del command to let libvirt safely remove block device from guest)
[qemu-kvm-0.12.1.2-2.113.el6_0.7]
- kvm-ide-Remove-redundant-IDEState-member-conf.patch [bz#677170]
- kvm-ide-Split-ide_init1-off-ide_init2-v2.patch [bz#677170]
- kvm-ide-Change-ide_init_drive-to-require-valid-dinfo-arg.patch [bz#677170]
- kvm-ide-Split-non-qdev-code-off-ide_init2.patch [bz#677170]
- kvm-qdev-Don-t-leak-string-property-value-on-hot-unplug.patch [bz#677170]
- kvm-blockdev-New-drive_get_by_blockdev-v2.patch [bz#677170]
- kvm-blockdev-Clean-up-automatic-drive-deletion-v2.patch [bz#677170]
- kvm-qdev-Decouple-qdev_prop_drive-from-DriveInfo-v2.patch [bz#677170]
- kvm-block-Catch-attempt-to-attach-multiple-devices-to-a-.patch [bz#677170]
- kvm-Implement-drive_del-to-decouple-block-removal-from-d.patch [bz#677170]
- kvm-blockdev-check-dinfo-ptr-before-using-v2.patch [bz#677170]
- kvm-blockdev-Fix-drive_del-not-to-crash-when-drive-is-no.patch [bz#677170]
- kvm-Fix-CVE-2011-0011-qemu-kvm-Setting-VNC-password-to-e.patch [bz#668598]
- Resolves: bz#668598 (CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication [rhel-6.0.z])
- Resolves: bz#677170 (drive_del command to let libvirt safely remove block device from guest)
Family: unix Class: patch
Reference(s): ELSA-2011-0345
CVE-2011-0011
Version: 4
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 47

OpenVAS Exploits

Date Description
2012-06-06 Name : RedHat Update for qemu-kvm RHSA-2011:0345-01
File : nvt/gb_RHSA-2011_0345-01_qemu-kvm.nasl
2011-05-12 Name : Debian Security Advisory DSA 2230-1 (qemu-kvm)
File : nvt/deb_2230_1.nasl
2011-02-16 Name : Ubuntu Update for qemu-kvm vulnerability USN-1063-1
File : nvt/gb_ubuntu_USN_1063_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70992 QEMU Empty VNC Password Authentication Bypass

QEMU contains a flaw related to the incorrect disabling of authentication when empty VNC passwords are set. This may allow an attacker to bypass password authentication and access the VNC service.

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0345.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0345.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110310_qemu_kvm_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2230.nasl - Type : ACT_GATHER_INFO
2011-02-15 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1063-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:58:17
  • Multiple Updates