Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 252595 (CVE-2008-5714) - app-emulation/qemu-0.11.1: off-by-one bug limiting VNC passwords to 7 char (CVE-2008-5714)
Summary: app-emulation/qemu-0.11.1: off-by-one bug limiting VNC passwords to 7 char (C...
Status: RESOLVED OBSOLETE
Alias: CVE-2008-5714
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://lists.gnu.org/archive/html/qem...
Whiteboard: C3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-26 12:50 UTC by Bruno Buss
Modified: 2013-08-28 02:00 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bruno Buss 2008-12-26 12:50:21 UTC
Description:
"Fix off-by-one bug limiting VNC passwords to 7 characters instead of 8

monitor_readline expects buf_size to include the terminating \0, but
do_change_vnc in monitor.c calls it as though it doesn't. The other site
where monitor_readline reads a password (in vl.c) passes the buffer length
correctly."

CVE-2008-5714 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5714):
"Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended."

Fix in SVN:
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-12-27 18:58:57 UTC
CVE-2008-5714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5714):
  Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for
  remote attackers to guess the VNC password, which is limited to seven
  characters where eight was intended.

Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-10 20:57:03 UTC
Hi, can't we just remove the older, vulnerable versions?
Comment 3 Martini peres 2012-03-05 12:08:38 UTC
This comment has been removed because it contained spam. -- idl0r
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-09 18:00:58 UTC
GLSA vote: yes.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-03-11 06:50:19 UTC
GLSA Vote: no.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2012-08-14 15:57:51 UTC
There already is a request for qemu for several bugs, so we might as well include this one. I vote YES.

.. and added to the request.
Comment 7 Doug Goldstein (RETIRED) gentoo-dev 2013-08-28 01:22:39 UTC
@security: 1 year follow up ping.