First published: Fri May 06 2011(Updated: )
It was found that after virtual machine conversion using virt-v2v the target VM does not have VNC password enabled even though the source VM does. An attacker able to connect to the target VM can possibly use this flaw to operate the VM with privileges of the logged in user.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Matthew Booth Virt-v2v | =0.8.0 | |
Matthew Booth Virt-v2v | <=0.8.3 | |
Matthew Booth Virt-v2v | =0.5.3 | |
Matthew Booth Virt-v2v | =0.2.0 | |
Matthew Booth Virt-v2v | =0.6.0 | |
Matthew Booth Virt-v2v | =0.8.1 | |
Matthew Booth Virt-v2v | =0.7.1 | |
Matthew Booth Virt-v2v | =0.8.2 | |
Matthew Booth Virt-v2v | =0.5.2 | |
Matthew Booth Virt-v2v | =0.6.1 | |
Matthew Booth Virt-v2v | =0.5.4 | |
Matthew Booth Virt-v2v | =0.4.0 | |
Matthew Booth Virt-v2v | =0.7.0 | |
Matthew Booth Virt-v2v | =0.3.2 | |
Matthew Booth Virt-v2v | =0.5.1 | |
Matthew Booth Virt-v2v | =0.4.10 | |
Matthew Booth Virt-v2v | =0.5.0 | |
Matthew Booth Virt-v2v | =0.1.0 | |
Matthew Booth Virt-v2v | =0.6.2 | |
Matthew Booth Virt-v2v | =0.3.0 | |
Matthew Booth Virt-v2v | =0.4.9 | |
Matthew Booth Virt-v2v | =0.6.3 | |
Redhat Enterprise Linux | =6.0 |
https://git.fedorahosted.org/cgit/virt-v2v.git/commit/?id=7e9393129116699d1228bb02b9f65b78584582c1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.