Test ID:	1.3.6.1.4.1.25623.1.0.840585
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1063-1)
Summary:	The remote host is missing an update for the 'qemu-kvm' package(s) announced via the USN-1063-1 advisory.
Description:	Summary: The remote host is missing an update for the 'qemu-kvm' package(s) announced via the USN-1063-1 advisory. Vulnerability Insight: Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessions. Affected Software/OS: 'qemu-kvm' package(s) on Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:A/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0011 42830 http://secunia.com/advisories/42830 43272 http://secunia.com/advisories/43272 43733 http://secunia.com/advisories/43733 44393 http://secunia.com/advisories/44393 70992 http://www.osvdb.org/70992 RHSA-2011:0345 http://rhn.redhat.com/errata/RHSA-2011-0345.html USN-1063-1 http://ubuntu.com/usn/usn-1063-1 [oss-security] 20110110 CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication http://www.openwall.com/lists/oss-security/2011/01/10/3 [oss-security] 20110110 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication http://www.openwall.com/lists/oss-security/2011/01/11/1 [oss-security] 20110112 Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication http://www.openwall.com/lists/oss-security/2011/01/12/2 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/697197 qemu-vnc-security-bypass(65215) https://exchange.xforce.ibmcloud.com/vulnerabilities/65215
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.