Vulnerability Details : CVE-2008-5714
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
Products affected by CVE-2008-5714
- cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5714
0.73%
Probability of exploitation activity in the next 30 days
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5714
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2008-5714
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5714
- Red Hat 2009-02-26: Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.
References for CVE-2008-5714
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 - openSUSE Security Announce - openSUSE Mailing Lists
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
  QEMU monitor.c weak security CVE-2008-5714 Vulnerability Report
- http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
  [Qemu-devel] Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC pas
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:002 - openSUSE Security Announce - openSUSE Mailing Lists
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
  [qemu] Revision 5966
- http://www.securityfocus.com/bid/33020
- http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
  [qemu] Diff of /trunk/monitor.c
- http://www.ubuntu.com/usn/usn-776-1
  USN-776-1: KVM vulnerabilities | Ubuntu security notices | Ubuntu
- http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
  [Qemu-devel] [PATCH] Fix off-by-one bug limiting VNC passwords to 7 char