Описание
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libvirt | fixed | 2.0.0-1 | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=1180092
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 (v2.0.0)
Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf (v1.2.9-maint)
http://security.libvirt.org/2016/0001.html
EPSS
Связанные уязвимости
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
EPSS