CVE-2017-1000256

Related Files

Ubuntu Security Notice USN-3576-1

Posted Feb 20, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.

tags | advisory, remote

systems | linux, ubuntu

advisories | CVE-2016-5008, CVE-2017-1000256, CVE-2018-5748, CVE-2018-6764

SHA-256 | 90c6d4cdd362e55904c6d76f4118ef039e8e85b0aab04a6669ee178da97eb658

Download | Favorite | View

Debian Security Advisory 4003-1

Posted Oct 20, 2017

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4003-1 - Daniel P. Berrange reported that Libvirt, a virtualisation abstraction library, does not properly handle the default_tls_x509_verify (and related) parameters in qemu.conf when setting up TLS clients and servers in QEMU, resulting in TLS clients for character devices and disk devices having verification turned off and ignoring any errors while validating the server certificate.

tags | advisory

systems | linux, debian

advisories | CVE-2017-1000256

SHA-256 | 47dab0a633f9c9c0444db6888c21643f68245d42df4f35f7137e9f48d551ead4

Download | Favorite | View