CVE-2011-1773 Information

Description

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest which allows local users to bypass the intended VNC authentication by connecting without a password.

Reference

http://rhn.redhat.com/errata/RHSA-2011-1615.html http://secunia.com/advisories/47086 http://www.osvdb.org/77558 https://bugzilla.redhat.com/show_bug.cgi?id=702754 https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1