ID CVE-2011-1773
Summary virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.
References
Vulnerable Configurations
  • cpe:2.3:a:matthew_booth:virt-v2v:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:matthew_booth:virt-v2v:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:matthew_booth:virt-v2v:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 732421
title Guest will BSOD if boot from Windows Recovery Console after conversion
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment virt-v2v is earlier than 0:0.8.3-5.el6
      oval oval:com.redhat.rhsa:tst:20111615001
    • comment virt-v2v is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20111615002
rhsa
id RHSA-2011:1615
released 2011-12-05
severity Low
title RHSA-2011:1615: virt-v2v security and bug fix update (Low)
rpms virt-v2v-0:0.8.3-5.el6
refmap via4
confirm
osvdb 77558
secunia 47086
Last major update 22-04-2019 - 17:48
Published 08-02-2014 - 00:55
Last modified 22-04-2019 - 17:48
Back to Top