CVE-2008-5714

NameCVE-2008-5714
DescriptionOff-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1907-1, DTSA-203-1
NVD severityhigh
Debian Bugs509882, 509997

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)stretch1:2.8+dfsg-6+deb9u9fixed
stretch (security)1:2.8+dfsg-6+deb9u10fixed
buster, buster (security)1:3.1+dfsg-8+deb10u7fixed
bullseye, sid1:5.0-14fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kvmsourcelenny72+dfsg-5~lenny3DSA-1907-1
kvmsourcesqueeze72+dfsg-5+squeeze1DTSA-203-1
kvmsource(unstable)82-1low509997
qemusourceetch(not affected)
qemusource(unstable)0.9.1-10low509882

Notes

[etch] - qemu <not-affected> (Vulnerable code not present)
[lenny] - kvm <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems