Vigil@nce: qemu-kvm, access via VNC
January 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When the password of qemu-kvm 0.10.6 is empty, an attacker can
connect to VNC.
– Severity: 2/4
– Creation date: 11/01/2011
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The qemu-kvm product is a special version of qemu supporting
hardware virtualization for Linux.
According to the documentation, when the VNC password is empty,
authentication stays enabled (VNC_AUTH_VNC), but every attempt is
rejected.
In version 0.10.6, the vnc_display_password() function was
modified, and an empty password now selects VNC_AUTH_NONE. Thus,
when the VNC password is empty, every access is allowed.
When the password of qemu-kvm 0.10.6 is empty, an attacker can
therefore connect to VNC.
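The two states described above are visible on the wire as RFB security types 2 (VNC_AUTH_VNC) and 1 (VNC_AUTH_NONE). The following is an added example, not part of the Vigil@nce bulletin or of qemu-kvm: it reads the start of a captured server-to-client VNC stream and reports which type the server offers. The function names and sample bytes are constructed, and it assumes the client answered with the same protocol version as the server banner.

```python
import struct

VNC_AUTH_NONE = 1  # RFB security type "None": no authentication at all
VNC_AUTH_VNC = 2   # RFB security type "VNC Authentication": password challenge

def offered_security_types(server_bytes):
    """Security types offered in a captured server-to-client RFB stream."""
    banner, body = server_bytes[:12], server_bytes[12:]
    if len(banner) < 12 or banner[:4] != b"RFB " or banner[7:8] != b"." or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion banner")
    version = (int(banner[4:7]), int(banner[8:11]))
    if version < (3, 7):
        # RFB 3.3: the server chooses one type, sent as a 32-bit big-endian integer.
        if len(body) < 4:
            raise ValueError("truncated security type")
        (chosen,) = struct.unpack(">I", body[:4])
        return [chosen] if chosen else []   # 0 means the server refused
    # RFB 3.7/3.8: one count byte, then that many one-byte security types.
    if not body:
        raise ValueError("truncated security type list")
    count = body[0]
    if len(body) < 1 + count:
        raise ValueError("truncated security type list")
    return list(body[1:1 + count])          # empty list: the server refused

def classify(server_bytes):
    """'open' if the display can be reached without any password."""
    types = offered_security_types(server_bytes)
    if VNC_AUTH_NONE in types:
        return "open"
    if VNC_AUTH_VNC in types:
        return "password"
    return "other"

# Constructed captures (not taken from a real host).
DOCUMENTED = b"RFB 003.008\n" + bytes([1, VNC_AUTH_VNC])    # empty password, auth kept
AFFECTED = b"RFB 003.008\n" + bytes([1, VNC_AUTH_NONE])     # empty password, 0.10.6
LEGACY_33 = b"RFB 003.003\n" + struct.pack(">I", VNC_AUTH_NONE)

if __name__ == "__main__":
    for name, capture in [("documented", DOCUMENTED), ("affected", AFFECTED),
                          ("rfb 3.3", LEGACY_33)]:
        print(name, offered_security_types(capture), classify(capture))
```

An "open" result for a display that was started with the password option is the condition this bulletin describes.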
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/qemu-kvm-access-via-VNC-10260