CVE-2008-5714 — kvm - several vulnerabilities

Description

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

How to fix CVE-2008-5714

To remediate CVE-2008-5714, upgrade the affected package to a fixed version below.

Debian/kvm—upgrade to 72+dfsg-5~lenny3 or later
Debian/kvm—upgrade to 72+dfsg-5+squeeze1 or later
Debian/qemu—upgrade to 0.9.1-10 or later

Is CVE-2008-5714 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 72+dfsg-5~lenny3
from 0, < 72+dfsg-5+squeeze1
from 0, < 0.9.1-10

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5714