ALT-PU-2016-1728-1
Closed vulnerabilities
Published: 2016-07-13
Modified: 2024-11-21
CVE-2016-5008
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2016:1809
- openSUSE-SU-2016:1810
- openSUSE-SU-2016:1975
- RHSA-2016:2577
- http://security.libvirt.org/2016/0001.html
- DSA-3613
- 91562
- https://bugzilla.redhat.com/show_bug.cgi?id=1180092
- FEDORA-2016-65cc608ebe
- FEDORA-2016-7b7e16a39e
- USN-3576-1