Libvirt Security Notice: LSN-2016-0001
======================================
Summary: Authentication disabled when setting empty VNC password
Reported on: 20130531
Published on: 20130531
Fixed on: 20160630
Reported by: Vivian Zhang <vivianzhang(a)redhat.com>
Christoph Anton Mitterer <calestyo(a)scientia.net>
Patched by: Jiri Denemar <jdenemar(a)redhat.com>
See also: CVE-2016-5008
Description
-----------
An empty password set for the VNC server is documented as preventing
all client connections. This is the behaviour when QEMU virtual
machines are first started with the 'password' flag given to the
-vnc argument, and when setting the password with the 'change vnc'
monitor command. When libvirt switched to using the 'set_password' QMP
command, however, an empty password instead had the effect of disabling
password checking, thus allowing any client to connect with no
authentication check.
Impact
------
When the password on a VNC server is set to the empty string,
authentication on the VNC server will be disabled, allowing any user
to connect. An application would meanwhile expect that the empty
string would prevent all users from connecting.
Workaround
----------
The VNC password authentication scheme is generally considered to
offer inadequate security, so its use is not recommended at all,
regardless of this vulnerability. Applications and administrators
are thus encouraged to make use of the VNC TLS extension together
with SASL for strong authentication.
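
An audit check for the condition described under Impact and Workaround, added here as an example and not part of the original notice or of libvirt itself. It assumes domain XML dumped with security information included (for example `virsh dumpxml --security-info`) and the qemu.conf keys vnc_password, vnc_tls and vnc_sasl; the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real host).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>guest-a</name>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' passwd=''/>
    <graphics type='spice' autoport='yes' passwd=''/>
  </devices>
</domain>
"""
SAMPLE_QEMU_CONF = '''
# vnc_password = "commented-out"
vnc_password = ""
vnc_tls = 0
'''

def vnc_findings_from_domain(xml_text):
    """Flag VNC <graphics> elements whose passwd attribute is the empty string."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="?")
    findings = []
    for graphics in root.iter("graphics"):
        # Only VNC is covered by this notice; an absent passwd returns None.
        if graphics.get("type") == "vnc" and graphics.get("passwd") == "":
            findings.append(f"{name}: VNC graphics has empty passwd")
    return findings

def parse_qemu_conf(text):
    """Parse simple 'key = value' lines; commented-out lines do not match."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]\w*)\s*=\s*(.*?)\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def vnc_findings_from_conf(text):
    """Flag an empty default VNC password and missing TLS/SASL settings."""
    settings = parse_qemu_conf(text)
    findings = []
    if settings.get("vnc_password") == "":
        findings.append("qemu.conf: vnc_password is empty")
    for key in ("vnc_tls", "vnc_sasl"):
        if settings.get(key, "0") != "1":
            findings.append(f"qemu.conf: {key} is not enabled")
    return findings
```
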
Affected product
----------------
Name: libvirt
Repository:
git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v0.8.8
Broken in: v0.9.0
Broken in: v0.9.1
Broken in: v0.9.2
Broken in: v0.9.3
Broken in: v0.9.4
Broken in: v0.9.5
Broken in: v0.9.6
Broken in: v0.9.7
Broken in: v0.9.8
Broken in: v0.9.9
Broken in: v0.9.10
Broken in: v0.9.11
Broken in: v0.9.12
Broken in: v0.9.13
Broken in: v0.10.0
Broken in: v0.10.1
Broken in: v0.10.2
Broken in: v1.0.0
Broken in: v1.0.1
Broken in: v1.0.2
Broken in: v1.0.3
Broken in: v1.0.4
Broken in: v1.0.5
Broken in: v1.0.6
Broken in: v1.1.0
Broken in: v1.1.1
Broken in: v1.1.2
Broken in: v1.1.3
Broken in: v1.1.4
Broken in: v1.2.0
Broken in: v1.2.1
Broken in: v1.2.2
Broken in: v1.2.3
Broken in: v1.2.4
Broken in: v1.2.5
Broken in: v1.2.6
Broken in: v1.2.7
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Broken in: v1.2.11
Broken in: v1.2.12
Broken in: v1.2.13
Broken in: v1.2.14
Broken in: v1.2.15
Broken in: v1.2.16
Broken in: v1.2.17
Broken in: v1.2.18
Broken in: v1.2.19
Broken in: v1.2.20
Broken in: v1.2.21
Broken in: v1.3.0
Broken in: v1.3.1
Broken in: v1.3.2
Broken in: v1.3.3
Broken in: v1.3.4
Broken in: v1.3.5
Fixed in: v2.0.0
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: bb848feec0f3f10e92dd8e5231ae7aa89b5598f3
Branch: v0.9.6-maint
Broken in: v0.9.6.1
Broken in: v0.9.6.2
Broken in: v0.9.6.3
Broken in: v0.9.6.4
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Branch: v0.9.11-maint
Broken in: v0.9.11.1
Broken in: v0.9.11.2
Broken in: v0.9.11.3
Broken in: v0.9.11.4
Broken in: v0.9.11.5
Broken in: v0.9.11.6
Broken in: v0.9.11.7
Broken in: v0.9.11.8
Broken in: v0.9.11.9
Broken in: v0.9.11.10
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Branch: v0.9.12-maint
Broken in: v0.9.12.1
Broken in: v0.9.12.2
Broken in: v0.9.12.3
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: eea38b5922b7daff91fd146869a337287e77065e
Branch: v0.10.2-maint
Broken in: v0.10.2.1
Broken in: v0.10.2.2
Broken in: v0.10.2.3
Broken in: v0.10.2.4
Broken in: v0.10.2.5
Broken in: v0.10.2.6
Broken in: v0.10.2.7
Broken in: v0.10.2.8
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 418a165da6e61ab548349408e4ba0c0d612ef5af
Branch: v1.0.2-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 139a4265774b7aa194f8479a82188bc1337cd7a4
Branch: v1.0.3-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 3779715e8d4522f1f5de20746fd96bbe59167d1a
Branch: v1.0.4-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: a3954cc79358a990720fab36b4feaecd0266c5c6
Branch: v1.0.5-maint
Broken in: v1.0.5.1
Broken in: v1.0.5.2
Broken in: v1.0.5.3
Broken in: v1.0.5.4
Broken in: v1.0.5.5
Broken in: v1.0.5.6
Broken in: v1.0.5.7
Broken in: v1.0.5.8
Broken in: v1.0.5.9
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 6fd8d6b655b925df306652d525e388860704d67d
Branch: v1.0.6-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: c8df12a1394d75e12da09ec4189eea360feb059d
Branch: v1.1.0-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 1338fceea2f16c20b2aa91515918c7cc977d5f29
Branch: v1.1.1-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 6a11fd52b480bb47f8cc988763333788201ab1ab
Branch: v1.1.2-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 832cc0eff8feb2f14613a75b0e1d5671735d2094
Branch: v1.1.3-maint
Broken in: v1.1.3.1
Broken in: v1.1.3.2
Broken in: v1.1.3.3
Broken in: v1.1.3.4
Broken in: v1.1.3.5
Broken in: v1.1.3.6
Broken in: v1.1.3.7
Broken in: v1.1.3.8
Broken in: v1.1.3.9
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 39419b37c2049cfa36110d75c9071f8a72fa238d
Branch: v1.1.4-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 916f5c9d1f6b2145dac93311925db3eb93d3e5aa
Branch: v1.2.0-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 20397434fc036dead7e5c375aec7483334396178
Branch: v1.2.1-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: e4ecee35aed931cc10a7c84ec9829ccefddecefa
Branch: v1.2.2-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 4816c5370ecf9ed412068c6c3795a2fd71ebc354
Branch: v1.2.3-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 6f7cfb5ba21d5e710a88c2e0fcbc150b59ac510c
Branch: v1.2.4-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: dd9cca35bce5bea871f96264cfe9f629566f0b12
Branch: v1.2.5-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: f39de9abfd4b8b19a012169355a0e73dae427bd0
Branch: v1.2.6-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: d933f68ee660566b52cd90330aee0d5f414636a4
Branch: v1.2.7-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 0d052f8abd8bc38ac982e88294737c6ddf3e6484
Branch: v1.2.8-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 05d238be999f6488b6f24cbbff3dada0560d97bf
Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken in: v1.2.9.2
Broken in: v1.2.9.3
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: f32441c69bf450d6ac593c3acd621c37e120cdaf
Branch: v1.2.10-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 33802d62af95fd7a4e86f2755efe94af59158fea
Branch: v1.2.11-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: b7fbb52ac8d1198ba42b3d1f6cc3079497eea704
Branch: v1.2.12-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 819c14190cbea4ef1f99acfbd5e0389899142bd5
Branch: v1.2.13-maint
Broken in: v1.2.13.1
Broken in: v1.2.13.2
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 35c2bd75f2c8312687f965a80cc2b6255daf6575
Branch: v1.2.14-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: ea59deeeead2e4894f3651977aa6114849b857fb
Branch: v1.2.15-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 9e181d7f6c76f9a84e2c8638722bb98ac61b6baa
Branch: v1.2.16-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: b869aab71102c41247a3fede506e88700bb95e55
Branch: v1.2.17-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 49fa383bb03328f7def85e249e252abe5e602e39
Branch: v1.2.18-maint
Broken in: v1.2.18.1
Broken in: v1.2.18.2
Broken in: v1.2.18.3
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: caa4c280cd34f0ff0fb9a3879ccc0ceaffc3b802
Branch: v1.2.19-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 38d5c57b9a89c84a19bddcafca9230e69fc78171
Branch: v1.2.20-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 8c30687b71ccb635c110404f0ef1caf2dbccf2e0
Branch: v1.2.21-maint
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 9329ca10f121b737fbdcf3070877e3dbe50f9fdf
Branch: v1.3.0-maint
Broken in: v1.3.3.1
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: d49b1dfcb59af791f78cd699134cfe80bd6f13ab
Branch: v1.3.1-maint
Broken in: v1.3.3.1
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 2d5370eba6b52f44cf832eba28f162c55331a47c
Branch: v1.3.3-maint
Broken in: v1.3.3.1
Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f
Fixed by: 881441f84a30cd3921df313a982f7162d7ca04f4
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|