USN-1063-1: QEMU vulnerability

14 February 2011

Blank passwords allowed unrestricted QEMU VNC session access.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • qemu-kvm - Full virtualization on i386 and amd64 hardware

Details

Neil Wilson discovered that if VNC passwords were blank in QEMU
configurations, access to VNC sessions was allowed without a password
instead of being disabled. A remote attacker could connect to running
VNC sessions of QEMU and directly control the system. By default, QEMU
does not start VNC sessions.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

References