CVE-2008-5714 Information
Description
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password which is limited to seven characters where eight was intended.
Reference
http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://secunia.com/advisories/33568 http://secunia.com/advisories/34642 http://secunia.com/advisories/35062 http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966 http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966 http://www.securityfocus.com/bid/33020 http://www.ubuntu.com/usn/usn-776-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
Share on: