UbuntuUSN-1063-1QEMU vulnerability
6.2 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
Releases
- Ubuntu 10.10
- Ubuntu 10.04
- Ubuntu 9.10
Packages
- qemu-kvm - Full virtualization on i386 and amd64 hardware
Details
Neil Wilson discovered that if VNC passwords were blank in QEMU
configurations, access to VNC sessions was allowed without a password
instead of being disabled. A remote attacker could connect to running
VNC sessions of QEMU and directly control the system. By default, QEMU
does not start VNC sessions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | qemu-kvm | < 0.11.0-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kvm | < 1:84+dfsg-0ubuntu16+0.11.0+0ubuntu6.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | qemu | < 0.11.0-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | qemu-arm-static | < 0.11.0-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | qemu-kvm-extras | < 0.11.0-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kvm | < 0.11.0-0ubuntu6.4 | UNKNOWN |
| Ubuntu | 10.10 | noarch | qemu-kvm | < 0.12.5+noroms-0ubuntu7.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | kvm | < 1:84+dfsg-0ubuntu16+0.12.5+noroms+0ubuntu7.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | qemu | < 0.12.5+noroms-0ubuntu7.2 | UNKNOWN |
| Ubuntu | 10.10 | noarch | qemu-arm-static | < 0.12.5+noroms-0ubuntu7.2 | UNKNOWN |
References
Related
6.2 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:H/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%