Vulnerability Name:

CVE-2011-0011 (CCN-65215)

Assigned: 2010-12-07
Published: 2011-01-07
Updated: 2020-11-02
Summary: qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.3 Medium (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2011-0011

Source: CCN
Type: RHSA-2011-0345
Moderate: qemu-kvm security update

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0345

Source: CCN
Type: SA42830
QEMU Empty VNC Password Authentication Bypass Security Issue

Source: SECUNIA
Type: Vendor Advisory
42830

Source: SECUNIA
Type: Vendor Advisory
43272

Source: SECUNIA
Type: Vendor Advisory
43733

Source: SECUNIA
Type: Vendor Advisory
44393

Source: UBUNTU
Type: UNKNOWN
USN-1063-1

Source: CCN
Type: QEMU Web site
QEMU

Source: DEBIAN
Type: DSA-2230
qemu-kvm -- several vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication

Source: MLIST
Type: UNKNOWN
[oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication

Source: MLIST
Type: UNKNOWN
[oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication

Source: OSVDB
Type: UNKNOWN
70992

Source: CCN
Type: OSVDB ID: 70992
QEMU Empty VNC Password Authentication Bypass

Source: CCN
Type: BID-45743
QEMU KVM VNC Password Security Bypass Vulnerability

Source: CCN
Type: Ubuntu Bug #697197
Empty password allows access to VNC in libvirt

Source: MISC
Type: UNKNOWN
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197

Source: XF
Type: UNKNOWN
qemu-vnc-security-bypass(65215)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:qemu:qemu:*:rc2:*:*:*:*:*:* (Version <= 0.11.0)
  • OR cpe:/a:qemu:qemu:0.11.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.11.0:rc0:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.5:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.10.4:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:qemu:qemu:0.1.3:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:13486 | P | USN-1063-1 -- qemu-kvm vulnerability | 2014-06-30
oval:org.mitre.oval:def:12987 | P | DSA-2230-1 qemu-kvm -- several | 2014-06-23
oval:org.mitre.oval:def:22978 | P | ELSA-2011:0345: qemu-kvm security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:21887 | P | RHSA-2011:0345: qemu-kvm security update (Moderate) | 2014-02-24
oval:com.redhat.rhsa:def:20110345 | P | RHSA-2011:0345: qemu-kvm security update (Moderate) | 2011-03-10