|Description||Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||high (attack range: remote)|
|Debian Bugs||509882, 509997|
Vulnerable and fixed packages
The table below lists information on source packages.
|stretch, stretch (security)||1:2.8+dfsg-6+deb9u4||fixed|
The information below is based on the following data on fixed versions.
[etch] - qemu <not-affected> (Vulnerable code not present)
[lenny] - kvm <no-dsa> (Minor issue)