CVE-2011-0011

Published: Jun 21, 2012Modified: Apr 29, 2026

4.3

Vector

AV:A/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 3.2 / Impact: 6.4

Source: NVD

Description

qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

Affected (17)

Products: Qemu: Qemu

1 product

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 0.11.0
Qemu Qemu	Version 0.1.0
Qemu Qemu	Version 0.1.1
Qemu Qemu	Version 0.1.2
Qemu Qemu	Version 0.1.3
Qemu Qemu	Version 0.1.4
Qemu Qemu	Version 0.1.5
Qemu Qemu	Version 0.1.6
Qemu Qemu	Version 0.10.0
Qemu Qemu	Version 0.10.1
Qemu Qemu	Version 0.10.2
Qemu Qemu	Version 0.10.3
Qemu Qemu	Version 0.10.4
Qemu Qemu	Version 0.10.5
Qemu Qemu	Version 0.10.6
Qemu Qemu	Version 0.11.0 rc0
Qemu Qemu	Version 0.11.0 rc1

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (24)

http://rhn.redhat.com/errata/RHSA-2011-0345.html

Source: secalert@redhat.com

http://secunia.com/advisories/42830

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43272

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/43733

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/44393

Source: secalert@redhat.com

Vendor Advisory

http://ubuntu.com/usn/usn-1063-1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/01/10/3

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/01/11/1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2011/01/12/2

Source: secalert@redhat.com

http://www.osvdb.org/70992

Source: secalert@redhat.com

https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/65215

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2011-0345.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42830

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43272

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43733

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/44393

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://ubuntu.com/usn/usn-1063-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/01/10/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/01/11/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/01/12/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/70992

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/65215

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.