CVE-2008-5714
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
7.4 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
79.9%
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
Affected configurations
References
lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
secunia.com/advisories/33568
secunia.com/advisories/34642
secunia.com/advisories/35062
svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
www.securityfocus.com/bid/33020
www.ubuntu.com/usn/usn-776-1
exchange.xforce.ibmcloud.com/vulnerabilities/47683
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
7.4 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
79.9%