[Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in lib

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in lib

From:	Dustin Kirkland
Subject:	[Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt
Date:	Fri, 11 Feb 2011 15:41:57 -0000

Looks good, thanks for doing this, Neil.

I'm going to update it just slightly, as this debdiff will need to go
through the security queue, since there's an associated CVE.  I'll prep
that upload and the security team will sponsor it into maverick-
security.

I'll get it uploaded to natty now.

The last thing I need you to do is to email your patch to the qemu-devel
mailing list.  The maintainers do not accept patches solely attached to
bugs in Launchpad.  Their processes require that you email the patch to
the mailing list.  Sorry for the run-around.  Cheers!

** Changed in: qemu-kvm (Ubuntu Maverick)
   Importance: Undecided => Medium

** Changed in: qemu-kvm (Ubuntu Maverick)
       Status: New => In Progress

** Changed in: qemu-kvm (Ubuntu Maverick)
    Milestone: None => maverick-updates

** Changed in: qemu-kvm (Ubuntu Maverick)
     Assignee: (unassigned) => Dustin Kirkland (kirkland)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/697197

Title:
  Empty password allows access to VNC in libvirt

Status in libvirt virtualization API:
  Unknown
Status in QEMU:
  Confirmed
Status in qemu-kvm:
  Unknown
Status in “libvirt” package in Ubuntu:
  Invalid
Status in “qemu-kvm” package in Ubuntu:
  In Progress
Status in “libvirt” source package in Maverick:
  Invalid
Status in “qemu-kvm” source package in Maverick:
  In Progress
Status in “libvirt” source package in Natty:
  Invalid
Status in “qemu-kvm” source package in Natty:
  In Progress

Bug description:
  The help in the /etc/libvirt/qemu.conf states

  "To allow access without passwords, leave this commented out. An empty
  string will still enable passwords, but be rejected by QEMU
  effectively preventing any use of VNC."

  yet setting:

  vnc_password=""

  allows access to the vnc console without any password prompt just as
  if it is hashed out completely.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.10
  Package: libvirt-bin 0.8.3-1ubuntu14
  ProcVersionSignature: Ubuntu 2.6.35-24.42-server 2.6.35.8
  Uname: Linux 2.6.35-24-server x86_64
  Architecture: amd64
  Date: Tue Jan  4 12:18:35 2011
  InstallationMedia: Ubuntu-Server 10.04.1 LTS "Lucid Lynx" - Release amd64 
(20100816.2)
  ProcEnviron:
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: libvirt

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Neil Wilson, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Launchpad Bug Tracker, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland <=
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Launchpad Bug Tracker, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Launchpad Bug Tracker, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Kees Cook, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Kees Cook, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Dustin Kirkland, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Kees Cook, 2011/02/11
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Launchpad Bug Tracker, 2011/02/14
- [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt, Launchpad Bug Tracker, 2011/02/14

Prev by Date: [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt
Next by Date: [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt
Previous by thread: [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt
Next by thread: [Qemu-devel] [Bug 697197] Re: Empty password allows access to VNC in libvirt
Index(es):
- Date
- Thread