CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | ADJACENT_NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:A/AC:H/Au:N/C:P/I:P/A:P |

EPSS: 0.012 Low (Percentile: 83.5%)

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM. Virtual Network Computing (VNC) is
a remote display system.
A flaw was found in the way the VNC “password” option was handled. Clearing
a password disabled VNC authentication, allowing a remote user able to
connect to the virtual machines’ VNC ports to open a VNC session without
authentication. (CVE-2011-0011)
All users of qemu-kvm should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | x86_64 | qemu-kvm | < 0.12.1.2-2.113.el6_0.8 | qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64.rpm |
RedHat | 6 | x86_64 | qemu-kvm-tools | < 0.12.1.2-2.113.el6_0.8 | qemu-kvm-tools-0.12.1.2-2.113.el6_0.8.x86_64.rpm |
RedHat | 6 | x86_64 | qemu-kvm-debuginfo | < 0.12.1.2-2.113.el6_0.8 | qemu-kvm-debuginfo-0.12.1.2-2.113.el6_0.8.x86_64.rpm |
RedHat | 6 | src | qemu-kvm | < 0.12.1.2-2.113.el6_0.8 | qemu-kvm-0.12.1.2-2.113.el6_0.8.src.rpm |
RedHat | 6 | x86_64 | qemu-img | < 0.12.1.2-2.113.el6_0.8 | qemu-img-0.12.1.2-2.113.el6_0.8.x86_64.rpm |
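
The fixed release in the table above can be checked against a host's package list. The following is an added example, not part of the advisory or of Red Hat's tooling: it reimplements rpm's segment-by-segment version ordering in simplified form (epoch, `~` and `^` are not handled), and the sample package lines are constructed.

```python
import re

# Fixed version-release taken from the advisory's package table (RHEL 6).
FIXED = "0.12.1.2-2.113.el6_0.8"
PACKAGES = ("qemu-kvm", "qemu-kvm-tools", "qemu-kvm-debuginfo", "qemu-img")

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm orders them:
    split into digit/alpha segments, separators ignored ('~', '^' unsupported)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(rpm_qa_lines):
    """Return {package: installed version-release} for packages older than FIXED.
    Expects lines from: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'"""
    stale = {}
    for line in rpm_qa_lines:
        name, _, vr = line.strip().partition(" ")
        if name in PACKAGES and "-" in vr and evr_cmp(vr, FIXED) < 0:
            stale[name] = vr
    return stale

# Constructed sample input, not output from a real host.
SAMPLE = [
    "qemu-kvm 0.12.1.2-2.113.el6_0.6",
    "qemu-img 0.12.1.2-2.113.el6_0.8",
    "qemu-kvm-tools 0.12.1.2-2.90.el6",
    "bash 4.1.2-3.el6",
]

if __name__ == "__main__":
    for pkg, vr in sorted(needs_update(SAMPLE).items()):
        print(f"{pkg} {vr} is older than {FIXED}")
```

A clean result only confirms the package on disk; guests started before the update keep running the old binary until they are shut down and started again, as the advisory states.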