PT-2016-6216 · Red Hat+4 · Libvirt+5

Christoph Anton Mitterer

Published

2016-07-02

Updated

2023-02-12

CVE-2016-5008

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libvirt versions prior to 2.0.0

Description The issue allows remote attackers to bypass authentication and establish a VNC session by connecting to the server when the password on a VNC server is set to an empty string.

Recommendations For versions prior to 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider setting a non-empty password for the VNC server to prevent unauthorized access.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2016-1728

CESA-2016_2577

CVE-2016-5008

DLA-541-1

DSA-3613-1

MGASA-2016-0248

RHSA-2016:2577

RHSA-2016_2577

SUSE-SU-2016:1944-1

SUSE-SU-2016:2053-1

SUSE-SU-2016_1944-1

SUSE-SU-2016_2053-1

SUSE-SU-2018:2141-1

USN-3576-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libvirt

PT-2016-6216 · Red Hat+4 · Libvirt+5

CVE-2016-5008

Weakness Enumeration

Related Identifiers

Affected Products

References · 83