Security: Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability

March 20, 2007 by virtualization.info Editors

Quoting from Security Focus:

Xen is prone to an unspecified vulnerability that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

Currently reported affected systems are:

RedHat Fedora Core6
RedHat Fedora Core5
RedHat Enterprise Linux Virtualization 5 server
RedHat Enterprise Linux Desktop Multi OS 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux 5 server

Read the whole bulletin here.

It’s a sort of ironic that Red Hat, who had so much to say about Novell/Xen enterprise readiness, is exposing such Xen flaw just less than a week after its major OS release.

Our Network

Synthetic Work

Launched in 2023, Synthetic Work is an independent, non-technical, weekly newsletter to understand how AI is transforming jobs and careers, workforce productivity, and business operations.

virtualization.info

Established in 2003, virtualization.info is the most insightful website about server and application virtualization technologies, including virtual machines and hypervisors, containers and orchestrators, functions and serverless computing platforms.

cloudcomputing.info

Established in 2010, cloudcomputing.info is focused on public clouds, observing technologies like IaaS, PaaS and SaaS, as well as service providers like AWS, Azure, and Google Cloud.

ITautomation.info

Coming in 2025, ITautomation.info focuses on automation and orchestration, observing technologies and platforms like Ansible, Chef, Puppet, and Terraform.

ITOps.info

Coming in 2025, ITOps.info is dedicated to methodologies, frameworks, and tooling necessary to scale IT operations in the decade dominated by cloud computing, microservices, and artificial intelligence.

CISO.info

Coming in 2025, CISO.info is dedicated to the challenges that Chief Security Information Officers face in the new decade, including the journey from cyber-security to cyber-resilience, the adoption of risk management strategies, and the defense against state-sponsored cyberattacks.

CIO.news

Coming in 2025, CIO.news is an observatory for global Chief Information Officers designed to significantly improve the signal-to-noise ratio in the IT world.