Vulnerability CVE-2008-5714

Vulnerability Name:

CVE-2008-5714 (CCN-47683)

Assigned:

2008-11-23

Published:

2008-11-23

Updated:

2017-08-08

Summary:

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2008-5714

Source: CCN
Type: Qemu-devel Mailing List, Sun, 23 Nov 2008 11:31:47 +0000
[PATCH] Fix off-by-one bug limiting VNC passwords to 7 char

Source: MLIST
Type: UNKNOWN
[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars

Source: CCN
Type: Qemu-devel Mailing List, Wed, 10 Dec 2008 09:14:49 -0600
Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC pas

Source: MLIST
Type: UNKNOWN
[qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:002

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:008

Source: SECUNIA
Type: UNKNOWN
33568

Source: SECUNIA
Type: UNKNOWN
34642

Source: SECUNIA
Type: UNKNOWN
35062

Source: CONFIRM
Type: UNKNOWN
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966

Source: CCN
Type: qemu CVS Repository
[qemu] Diff of /trunk/monitor.c

Source: CONFIRM
Type: UNKNOWN
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966

Source: DEBIAN
Type: DSA-1907
kvm -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 51033
Qemu monitor.c Off-by-one VNC Password Weakness

Source: BID
Type: UNKNOWN
33020

Source: CCN
Type: BID-33020
QEMU VNC 'monitor.c' Insecure Password Vulnerability

Source: CCN
Type: USN-776-1
KVM vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-776-1

Source: CCN
Type: USN-776-2
KVM regression

Source: XF
Type: UNKNOWN
qemu-monitor-weak-security(47683)

Source: XF
Type: UNKNOWN
qemu-monitor-weak-security(47683)

Source: SUSE
Type: SUSE-SR:2009:002
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2009:008
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:qemu:qemu:0.9.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20085714	V	CVE-2008-5714	2022-05-20
oval:org.opensuse.security:def:42342	P	Security update for systemd (Moderate)	2022-02-21
oval:org.opensuse.security:def:26217	P	Security update for java-1_7_1-ibm (Moderate) (in QA)	2022-01-04
oval:org.opensuse.security:def:31720	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:32244	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31712	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:31711	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:32222	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:26164	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:42139	P	Security update for the Linux Kernel (Important)	2021-11-11
oval:org.opensuse.security:def:31286	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:26115	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31263	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:32178	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:32156	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:31654	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:31646	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:31212	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31200	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:32117	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:31634	P	Security update for qemu (Important)	2021-06-08
oval:org.opensuse.security:def:36168	P	kvm-1.4.2-30.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42575	P	kvm-1.4.2-30.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26062	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:26059	P	Security update for postgresql12 (Moderate)	2021-05-27
oval:org.opensuse.security:def:31620	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:32088	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:32899	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:32068	P	Security update for spamassassin (Important)	2021-04-12
oval:org.opensuse.security:def:33092	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:31355	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:26203	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31655	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:31201	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:31635	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:32020	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:32012	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35732	P	kvm-0.15.1-0.17.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35935	P	kvm-1.4.1-0.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35577	P	kvm-0.12.3-0.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41984	P	kvm-0.12.3-0.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32001	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:31510	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31866	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32454	P	Security update for xorg-x11-libICE (Moderate)	2020-12-01
oval:org.opensuse.security:def:31402	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:32410	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:32388	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:25204	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:25554	P	Security update for unzip (Moderate)	2020-12-01
oval:org.opensuse.security:def:25846	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:26934	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25295	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:25625	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25962	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:27131	P	gd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25486	P	Security update for openssl-1_1 (Important)	2020-12-01
oval:org.opensuse.security:def:25770	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31865	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25717	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26294	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:31821	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:31131	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31499	P	Security update for python-paramiko (Important)	2020-12-01
oval:org.opensuse.security:def:31799	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:31567	P	Security update for squid3 (Important)	2020-12-01
oval:org.opensuse.security:def:31915	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31403	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:26542	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31852	P	Recommended udpate for SUSE Manager Client Tools (Low)	2020-12-01
oval:org.opensuse.security:def:25904	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25128	P	Security update for w3m (Moderate)	2020-12-01
oval:org.opensuse.security:def:25332	P	Security update for sane-backends (Important)	2020-12-01
oval:org.opensuse.security:def:25705	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26015	P	Security update for libplist (Moderate)	2020-12-01
oval:org.opensuse.security:def:25359	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:25709	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26001	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:27166	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25497	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32503	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25718	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26347	P	Security update for jq (Low)	2020-12-01
oval:org.opensuse.security:def:31045	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31976	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:31954	P	Security update for gstreamer-0_10-plugins-base (Important)	2020-12-01
oval:org.opensuse.security:def:33131	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31414	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:31769	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26577	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31944	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:32300	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:26697	P	findutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25129	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25413	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:25758	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26261	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25283	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:25487	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:25860	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:25561	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25911	P	Security update for gstreamer-plugins-base (Low)	2020-12-01
oval:org.opensuse.security:def:32542	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25729	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:26396	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32658	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31046	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:31418	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31810	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31488	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31856	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:32349	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:26732	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25140	P	Security update for xmltooling (Moderate)	2020-12-01
oval:org.opensuse.security:def:25470	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:25807	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26899	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25284	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:25568	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25913	P	Security update for tcpdump, libpcap (Moderate)	2020-12-01
oval:org.opensuse.security:def:26493	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:25485	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:25689	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26449	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:25793	P	Security update for icedtea-web (Moderate)	2020-12-01
oval:org.opensuse.security:def:26435	P	Security update for znc (Low)	2020-12-01
oval:org.opensuse.security:def:32697	P	kvm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31057	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31412	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31760	P	Security update for MozillaFirefox (Critical)	2020-12-01
oval:org.opensuse.security:def:32860	P	findutils on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:13482	P	USN-776-1 -- kvm vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13656	P	USN-776-2 -- kvm regression	2014-06-30
oval:org.mitre.oval:def:13413	P	DSA-1907-1 kvm -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:7760	P	DSA-1907 kvm -- several vulnerabilities	2014-06-23
oval:org.debian:def:1907	V	several vulnerabilities	2009-10-13
oval:com.ubuntu.precise:def:20085714000	V	CVE-2008-5714 on Ubuntu 12.04 LTS (precise) - medium.	2007-05-08
oval:com.ubuntu.trusty:def:20085714000	V	CVE-2008-5714 on Ubuntu 14.04 LTS (trusty) - medium.	2007-05-08

BACK