Libvirt Security Notice: LSN-2016-0001 ====================================== Summary: Authentication disabled when setting empty VNC password Reported on: 20130531 Published on: 20130531 Fixed on: 20160630 Reported by: Vivian Zhang <vivianzhang@xxxxxxxxxx> Christoph Anton Mitterer <calestyo@xxxxxxxxxxxx> Patched by: Jiri Denemar <jdenemar@xxxxxxxxxx> See also: CVE-2016-5008 Description ----------- An empty password set for the VNC server is documented as preventing all client connections. This is the behaviour when QEMU virtual machines are first started with the 'password' flag given to the -vnc argument and when setting the password with the 'change vnc' monitor command. When libvirt switched to using 'set_password' QMP command though using an empty password had the effect of disabling password checking and thus allowing any client connection with no authentication check. Impact ------ When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled allowing any user to connect. An application would meanwhile expect that the empty string would prevent all users from connecting Workaround ---------- The VNC password authentication scheme is generally considered to offer inadequate security, so its use is not recommended at all, regardless of this vulnerability. Applications and administrators are thus encouraged to make use of the VNC TLS extension together with SASL for strong authentication. Affected product ---------------- Name: libvirt Repository: git://libvirt.org/git/libvirt.git http://libvirt.org/git/?p=libvirt.git Branch: master Broken in: v0.8.8 Broken in: v0.9.0 Broken in: v0.9.1 Broken in: v0.9.2 Broken in: v0.9.3 Broken in: v0.9.4 Broken in: v0.9.5 Broken in: v0.9.6 Broken in: v0.9.7 Broken in: v0.9.8 Broken in: v0.9.9 Broken in: v0.9.10 Broken in: v0.9.11 Broken in: v0.9.12 Broken in: v0.9.13 Broken in: v0.10.0 Broken in: v0.10.1 Broken in: v0.10.2 Broken in: v1.0.0 Broken in: v1.0.1 Broken in: v1.0.2 Broken in: v1.0.3 Broken in: v1.0.4 Broken in: v1.0.5 Broken in: v1.0.6 Broken in: v1.1.0 Broken in: v1.1.1 Broken in: v1.1.2 Broken in: v1.1.3 Broken in: v1.1.4 Broken in: v1.2.0 Broken in: v1.2.1 Broken in: v1.2.2 Broken in: v1.2.3 Broken in: v1.2.4 Broken in: v1.2.5 Broken in: v1.2.6 Broken in: v1.2.7 Broken in: v1.2.8 Broken in: v1.2.9 Broken in: v1.2.10 Broken in: v1.2.11 Broken in: v1.2.12 Broken in: v1.2.13 Broken in: v1.2.14 Broken in: v1.2.15 Broken in: v1.2.16 Broken in: v1.2.17 Broken in: v1.2.18 Broken in: v1.2.19 Broken in: v1.2.20 Broken in: v1.2.21 Broken in: v1.3.0 Broken in: v1.3.1 Broken in: v1.3.2 Broken in: v1.3.3 Broken in: v1.3.4 Broken in: v1.3.5 Fixed in: v2.0.0 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 Branch: v0.9.6-maint Broken in: v0.9.6.1 Broken in: v0.9.6.2 Broken in: v0.9.6.3 Broken in: v0.9.6.4 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Branch: v0.9.11-maint Broken in: v0.9.11.1 Broken in: v0.9.11.2 Broken in: v0.9.11.3 Broken in: v0.9.11.4 Broken in: v0.9.11.5 Broken in: v0.9.11.6 Broken in: v0.9.11.7 Broken in: v0.9.11.8 Broken in: v0.9.11.9 Broken in: v0.9.11.10 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Branch: v0.9.12-maint Broken in: v0.9.12.1 Broken in: v0.9.12.2 Broken in: v0.9.12.3 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: eea38b5922b7daff91fd146869a337287e77065e Branch: v0.10.2-maint Broken in: v0.10.2.1 Broken in: v0.10.2.2 Broken in: v0.10.2.3 Broken in: v0.10.2.4 Broken in: v0.10.2.5 Broken in: v0.10.2.6 Broken in: v0.10.2.7 Broken in: v0.10.2.8 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 418a165da6e61ab548349408e4ba0c0d612ef5af Branch: v1.0.2-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 139a4265774b7aa194f8479a82188bc1337cd7a4 Branch: v1.0.3-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 3779715e8d4522f1f5de20746fd96bbe59167d1a Branch: v1.0.4-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: a3954cc79358a990720fab36b4feaecd0266c5c6 Branch: v1.0.5-maint Broken in: v1.0.5.1 Broken in: v1.0.5.2 Broken in: v1.0.5.3 Broken in: v1.0.5.4 Broken in: v1.0.5.5 Broken in: v1.0.5.6 Broken in: v1.0.5.7 Broken in: v1.0.5.8 Broken in: v1.0.5.9 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 6fd8d6b655b925df306652d525e388860704d67d Branch: v1.0.6-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: c8df12a1394d75e12da09ec4189eea360feb059d Branch: v1.1.0-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 1338fceea2f16c20b2aa91515918c7cc977d5f29 Branch: v1.1.1-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 6a11fd52b480bb47f8cc988763333788201ab1ab Branch: v1.1.2-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 832cc0eff8feb2f14613a75b0e1d5671735d2094 Branch: v1.1.3-maint Broken in: v1.1.3.1 Broken in: v1.1.3.2 Broken in: v1.1.3.3 Broken in: v1.1.3.4 Broken in: v1.1.3.5 Broken in: v1.1.3.6 Broken in: v1.1.3.7 Broken in: v1.1.3.8 Broken in: v1.1.3.9 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 39419b37c2049cfa36110d75c9071f8a72fa238d Branch: v1.1.4-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 916f5c9d1f6b2145dac93311925db3eb93d3e5aa Branch: v1.2.0-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 20397434fc036dead7e5c375aec7483334396178 Branch: v1.2.1-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: e4ecee35aed931cc10a7c84ec9829ccefddecefa Branch: v1.2.2-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 4816c5370ecf9ed412068c6c3795a2fd71ebc354 Branch: v1.2.3-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 6f7cfb5ba21d5e710a88c2e0fcbc150b59ac510c Branch: v1.2.4-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: dd9cca35bce5bea871f96264cfe9f629566f0b12 Branch: v1.2.5-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: f39de9abfd4b8b19a012169355a0e73dae427bd0 Branch: v1.2.6-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: d933f68ee660566b52cd90330aee0d5f414636a4 Branch: v1.2.7-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 0d052f8abd8bc38ac982e88294737c6ddf3e6484 Branch: v1.2.8-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 05d238be999f6488b6f24cbbff3dada0560d97bf Branch: v1.2.9-maint Broken in: v1.2.9.1 Broken in: v1.2.9.2 Broken in: v1.2.9.3 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: f32441c69bf450d6ac593c3acd621c37e120cdaf Branch: v1.2.10-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 33802d62af95fd7a4e86f2755efe94af59158fea Branch: v1.2.11-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: b7fbb52ac8d1198ba42b3d1f6cc3079497eea704 Branch: v1.2.12-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 819c14190cbea4ef1f99acfbd5e0389899142bd5 Branch: v1.2.13-maint Broken in: v1.2.13.1 Broken in: v1.2.13.2 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 35c2bd75f2c8312687f965a80cc2b6255daf6575 Branch: v1.2.14-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: ea59deeeead2e4894f3651977aa6114849b857fb Branch: v1.2.15-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 9e181d7f6c76f9a84e2c8638722bb98ac61b6baa Branch: v1.2.16-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: b869aab71102c41247a3fede506e88700bb95e55 Branch: v1.2.17-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 49fa383bb03328f7def85e249e252abe5e602e39 Branch: v1.2.18-maint Broken in: v1.2.18.1 Broken in: v1.2.18.2 Broken in: v1.2.18.3 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: caa4c280cd34f0ff0fb9a3879ccc0ceaffc3b802 Branch: v1.2.19-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 38d5c57b9a89c84a19bddcafca9230e69fc78171 Branch: v1.2.20-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 8c30687b71ccb635c110404f0ef1caf2dbccf2e0 Branch: v1.2.21-maint Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 9329ca10f121b737fbdcf3070877e3dbe50f9fdf Branch: v1.3.0-maint Broken in: v1.3.3.1 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: d49b1dfcb59af791f78cd699134cfe80bd6f13ab Branch: v1.3.1-maint Broken in: v1.3.3.1 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 2d5370eba6b52f44cf832eba28f162c55331a47c Branch: v1.3.3-maint Broken in: v1.3.3.1 Broken by: 9d73efdbe3ea61a13a11fdc24a2cb530eaa0b66f Fixed by: 881441f84a30cd3921df313a982f7162d7ca04f4 Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list