[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5714

Date: (C)2008-12-24   (M)2017-11-18 


Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

CVSS Score: 7.8Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.9Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: NONE
 Availability: NONE





Reference:
BID-33020
SECUNIA-33568
SECUNIA-34642
SECUNIA-35062
SUSE-SR:2009:002
SUSE-SR:2009:008
USN-776-1
http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
qemu-monitor-weak-security(47683)

CPE    1
cpe:/a:qemu:qemu:0.9.1
CWE    1
CWE-189
OVAL    6
oval:org.secpod.oval:def:300472
oval:org.secpod.oval:def:301195
oval:org.secpod.oval:def:700373
oval:org.mitre.oval:def:7760
...

© 2013 SecPod Technologies