| Summary: | app-emulation/qemu-0.11.1: off-by-one bug limiting VNC passwords to 7 char (CVE-2008-5714) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Bruno Buss <bruno.buss> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED OBSOLETE | | |
| Severity: | minor | CC: | lu_zero |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html | | |
| Whiteboard: | C3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Bruno Buss
2008-12-26 12:50:21 UTC
CVE-2008-5714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5714): Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

Hi, can't we just remove the older, vulnerable versions?

This comment has been removed because it contained spam. -- idl0r

GLSA vote: yes.

GLSA Vote: no.

There already is a request for qemu for several bugs, so we might as well include this one. I vote YES.

.. and added to the request.

@security: 1 year follow up ping.