Vulnerability Description
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
CVSS Score
7.8
HIGH
AV:N/AC:L/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | 0.9.1 |
Related Weaknesses (CWE)
References
- http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
- http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://secunia.com/advisories/33568
- http://secunia.com/advisories/34642
- http://secunia.com/advisories/35062
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
- http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pat
- http://www.securityfocus.com/bid/33020
- http://www.ubuntu.com/usn/usn-776-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
- http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
- http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
FAQ
What is CVE-2008-5714?
CVE-2008-5714 is a vulnerability with a CVSS score of 7.8 (HIGH). Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
How severe is CVE-2008-5714?
CVE-2008-5714 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5714?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu.