First published: Sat Aug 15 2015(Updated: )
Michal Skrivanek of Red Hat reports: If vdsm is run with -spice disable-ticketing and a VM is suspended and then restored any remote user will be allowed to connect without authentication.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Virtualization | <3.5.6 | |
Redhat Enterprise Virtualization Hypervisor | >=6-6.0<6-6.7-20151117.0 | |
Redhat Enterprise Virtualization Hypervisor | >=7-7.0<7-7.2-20151119.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.