QEMU vulnerability

ID USN-1063-1
Type ubuntu
Reporter Ubuntu
Modified 2011-02-14T00:00:00


Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.