CVE-2011-1773

Severity

44%

Complexity

34%

Confidentiality

106%

virt-v2v before 0.8.4 does not preserve the VNC console password when converting a guest, which allows local users to bypass the intended VNC authentication by connecting without a password.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 11 years ago

2014-02-08 00:55:00

Last updated 5 years ago

2019-04-22 17:48:00

Affected Software

Matthew Booth virt-v2v 0.1.0

0.1.0

Matthew Booth virt-v2v 0.2.0

0.2.0

Matthew Booth virt-v2v 0.3.0

0.3.0

Matthew Booth virt-v2v 0.3.2

0.3.2

Matthew Booth virt-v2v 0.4.0

0.4.0

Matthew Booth virt-v2v 0.4.9

0.4.9

Matthew Booth virt-v2v 0.4.10

0.4.10

Matthew Booth virt-v2v 0.5.0

0.5.0

Matthew Booth virt-v2v 0.5.1

0.5.1

Matthew Booth virt-v2v 0.5.2

0.5.2

Matthew Booth virt-v2v 0.5.3

0.5.3

Matthew Booth virt-v2v 0.5.4

0.5.4

Matthew Booth virt-v2v 0.6.0

0.6.0

Matthew Booth virt-v2v 0.6.1

0.6.1

Matthew Booth virt-v2v 0.6.2

0.6.2

Matthew Booth virt-v2v 0.6.3

0.6.3

Matthew Booth virt-v2v 0.7.0

0.7.0

Matthew Booth virt-v2v 0.7.1

0.7.1

Matthew Booth virt-v2v 0.8.0

0.8.0

Matthew Booth virt-v2v 0.8.1

0.8.1

Matthew Booth virt-v2v 0.8.3

0.8.2

Red Hat Enterprise Linux 6.0

6.0

References

RHSA-2011:1615

47086

Vendor Advisory

77558

https://bugzilla.redhat.com/show_bug.cgi?id=702754

https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.