qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-97:01 advisory.

    KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware.
    Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual     machine has private virtualized hardware: a network card, disk, graphics adapter, etc.
    Security issues fixed with this release:
    CVE-2011-0011     No information available at the time of writing, please refer to the CVE links     below.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0345 advisory.

    - kvm-Fix-CVE-2011-0011-qemu-kvm-Setting-VNC-password-to-e.patch [bz#668598]
    - Resolves: bz#668598       (CVE-2011-0011 qemu-kvm: Setting VNC password to empty string silently disables all authentication     [rhel-6.0.z])

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0345 advisory.

    KVM (Kernel-based Virtual Machine) is a full virtualization solution for     Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component     for running virtual machines using KVM. Virtual Network Computing (VNC) is     a remote display system.

    A flaw was found in the way the VNC password option was handled. Clearing     a password disabled VNC authentication, allowing a remote user able to     connect to the virtual machines' VNC ports to open a VNC session without     authentication. (CVE-2011-0011)

    All users of qemu-kvm should upgrade to these updated packages, which     contain a backported patch to resolve this issue. After installing this     update, shut down all running virtual machines. Once all virtual machines     have shut down, start them again for this update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A flaw was found in the way the VNC 'password' option was handled.
Clearingaa password disabled VNC authentication, allowing a remote user able to connect to the virtual machines' VNC ports to open a VNC session without authentication. (CVE-2011-0011)

After installing this update, shut down all running virtual machines.
Once all virtual machines have shut down, start them again for this update to take effect.

Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware :

  - CVE-2011-0011     Setting the VNC password to an empty string silently     disabled all authentication.

  - CVE-2011-1750     The virtio-blk driver performed insufficient validation     of read/write I/O from the guest instance, which could     lead to denial of service or privilege escalation.

The oldstable distribution (lenny) is not affected by this problem.

Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
284298	MiracleLinux 4 : qemu-kvm-0.12.1.2-2.113.AXS4.8 (AXSA:2011-97:01)	Nessus	Miracle Linux Local Security Checks	high
68227	Oracle Linux 6 : qemu-kvm (ELSA-2011-0345)	Nessus	Oracle Linux Local Security Checks	critical
63974	RHEL 6 : qemu-kvm (RHSA-2011:0345)	Nessus	Red Hat Local Security Checks	high
60989	Scientific Linux Security Update : qemu-kvm on SL6.x x86_64	Nessus	Scientific Linux Local Security Checks	medium
53605	Debian DSA-2230-1 : qemu-kvm - several vulnerabilities	Nessus	Debian Local Security Checks	high
51986	Ubuntu 9.10 / 10.04 LTS / 10.10 : qemu-kvm vulnerability (USN-1063-1)	Nessus	Ubuntu Local Security Checks	medium

Detections

Analytics

CVE-2011-0011

high

Tenable Plugins

high

critical

high

medium

high

medium