CVE-2008-5714 - Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the V

CVE-2008-5714

Summary

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

References

Vulnerable Configurations

cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 08-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bid	33020
confirm	http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966 http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
mlist	[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars [qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars
secunia	33568 34642 35062
suse	SUSE-SR:2009:002 SUSE-SR:2009:008
ubuntu	USN-776-1
xf	qemu-monitor-weak-security(47683)

statements via4

contributor	Joshua Bressers
lastmodified	2009-02-26
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.

Last major update

08-08-2017 - 01:33

Published

24-12-2008 - 18:29

Last modified

08-08-2017 - 01:33