Vulnerabilities > CVE-2008-5714 - Numeric Errors vulnerability in Qemu 0.9.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-009.NASL description Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. last seen 2020-06-01 modified 2020-06-02 plugin id 36990 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36990 title Mandriva Linux Security Advisory : kvm (MDVSA-2009:009) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2009:009. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(36990); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:51"); script_cve_id("CVE-2008-2382", "CVE-2008-5714"); script_bugtraq_id(32910); script_xref(name:"MDVSA", value:"2009:009"); script_name(english:"Mandriva Linux Security Advisory : kvm (MDVSA-2009:009)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security vulnerabilities have been discovered and corrected in VNC server of kvm version 79 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this." ); script_set_attribute(attribute:"solution", value:"Update the affected kvm package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kvm"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2009.0", reference:"kvm-74-3.1mdv2009.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_11_0_QEMU-090325.NASL description qemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling last seen 2020-06-01 modified 2020-06-02 plugin id 40118 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40118 title openSUSE Security Update : qemu (qemu-691) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update qemu-691. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40118); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:34"); script_cve_id("CVE-2008-0928", "CVE-2008-1945", "CVE-2008-2382", "CVE-2008-4539", "CVE-2008-5714"); script_name(english:"openSUSE Security Update : qemu (qemu-691)"); script_summary(english:"Check for the qemu-691 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "qemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=362956" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=435135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=461565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=462502" ); script_set_attribute(attribute:"solution", value:"Update the affected qemu package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(119, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"qemu-0.10.1-0.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu"); }NASL family SuSE Local Security Checks NASL id SUSE_11_1_QEMU-090325.NASL description qemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling last seen 2020-06-01 modified 2020-06-02 plugin id 40302 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40302 title openSUSE Security Update : qemu (qemu-691) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update qemu-691. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40302); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2008-0928", "CVE-2008-1945", "CVE-2008-2382", "CVE-2008-4539", "CVE-2008-5714"); script_name(english:"openSUSE Security Update : qemu (qemu-691)"); script_summary(english:"Check for the qemu-691 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "qemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=362956" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=435135" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=461565" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=462502" ); script_set_attribute(attribute:"solution", value:"Update the affected qemu package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N"); script_cwe_id(119, 189, 200, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qemu"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1"); script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.1", reference:"qemu-0.10.1-0.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-776-2.NASL description USN-776-1 fixed vulnerabilities in KVM. Due to an incorrect fix, a regression was introduced in Ubuntu 8.04 LTS that caused KVM to fail to boot virtual machines started via libvirt. This update fixes the problem. We apologize for the inconvenience. Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) Alfredo Ortega discovered that KVM last seen 2020-06-01 modified 2020-06-02 plugin id 38777 published 2009-05-14 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38777 title Ubuntu 8.04 LTS : kvm regression (USN-776-2) NASL family SuSE Local Security Checks NASL id SUSE_11_1_KVM-090112.NASL description Rogue VNC clients could make the built in VNC server of kvm run into an infinite loop (CVE-2008-2382) An off-by-one bug limited the length of VNC passwords to seven instead of eight (CVE-2008-5714) Virtualized guests could potentially execute code on the host by triggering a buffer overflow in the network emulation code via large ethernet frames (CVE-2007-5729) Virtualized guests could potentially execute code on the host by triggering a heap based buffer overflow in the Cirrus Graphics card emulation (CVE-2007-1320). last seen 2020-06-01 modified 2020-06-02 plugin id 40254 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40254 title openSUSE Security Update : kvm (kvm-412) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-008.NASL description Security vulnerabilities have been discovered and corrected in VNC server of qemu version 0.9.1 and earlier, which could lead to denial-of-service attacks (CVE-2008-2382), and make it easier for remote crackers to guess the VNC password (CVE-2008-5714). The updated packages have been patched to prevent this. last seen 2020-06-01 modified 2020-06-02 plugin id 36993 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36993 title Mandriva Linux Security Advisory : qemu (MDVSA-2009:008) NASL family SuSE Local Security Checks NASL id SUSE_QEMU-6123.NASL description qemu update to version 0.10.1 fixes the following security issues : CVE-2008-0928: problems with range checks of block devices CVE-2008-1945: problems with removable media handling CVE-2008-2382: vnc server DoS CVE-2008-4539: fix a heap overflow in the cirrus VGA implementation CVE-2008-5714: off by one error in vnc password handling last seen 2020-06-01 modified 2020-06-02 plugin id 36082 published 2009-04-03 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36082 title openSUSE 10 Security Update : qemu (qemu-6123) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1907.NASL description Several vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-5714 Chris Webb discovered an off-by-one bug limiting KVM last seen 2020-06-01 modified 2020-06-02 plugin id 44772 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44772 title Debian DSA-1907-1 : kvm - several vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-776-1.NASL description Avi Kivity discovered that KVM did not correctly handle certain disk formats. A local attacker could attach a malicious partition that would allow the guest VM to read files on the VM host. (CVE-2008-1945, CVE-2008-2004) Alfredo Ortega discovered that KVM last seen 2020-06-01 modified 2020-06-02 plugin id 38759 published 2009-05-13 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38759 title Ubuntu 8.04 LTS / 8.10 : kvm vulnerabilities (USN-776-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_KVM-090112.NASL description Rogue VNC clients could make the built in VNC server of kvm run into an infinite loop (CVE-2008-2382) An off-by-one bug limited the length of VNC passwords to seven instead of eight (CVE-2008-5714) Virtualized guests could potentially execute code on the host by triggering a buffer overflow in the network emulation code via large ethernet frames (CVE-2007-5729) Virtualized guests could potentially execute code on the host by triggering a heap based buffer overflow in the Cirrus Graphics card emulation (CVE-2007-1320). last seen 2020-06-01 modified 2020-06-02 plugin id 40019 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40019 title openSUSE Security Update : kvm (kvm-412)
Statements
| contributor | Joshua Bressers |
| lastmodified | 2009-02-26 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5. |
References
- http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
- http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://secunia.com/advisories/33568
- http://secunia.com/advisories/34642
- http://secunia.com/advisories/35062
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
- http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
- http://www.securityfocus.com/bid/33020
- http://www.ubuntu.com/usn/usn-776-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47683