Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Jan 2011 17:42:43 -0700
From: Kurt Seifried <>
To:, Petr Matousek <>
Subject: Re: CVE request: qemu-kvm: Setting VNC password to
 empty string silently disables all authentication

> Upstream changes have introduced a flaw by disabling all authentication when
> the password was cleared with upstream commit [1].
> [1]

Confirmed vulnerable in qemu-kvm source code 0.10.6, fixed in 0.11.0

Kurt Seifried
skype: 1-703-879-3176

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ