CVE 2011-0011
qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.
Related bugs and status
CVE-2011-0011 (Candidate) is related to these bugs:
Bug #697197: Empty password allows access to VNC in libvirt
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu) | Undecided | Invalid | ||
| 697197 | Empty password allows access to VNC in libvirt | libvirt | Medium | Invalid | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu) | Medium | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm | Medium | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | QEMU | Undecided | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Maverick) | Undecided | Invalid | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Maverick) | Medium | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Natty) | Undecided | Invalid | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Natty) | Medium | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Lucid) | Undecided | Invalid | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Lucid) | Medium | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | libvirt (Ubuntu Karmic) | Undecided | Invalid | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Ubuntu Karmic) | Medium | Fix Released | ||
| 697197 | Empty password allows access to VNC in libvirt | qemu-kvm (Debian) | Unknown | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
