CVE-2008-2382
Summary
| CVE | CVE-2008-2382 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-24 18:29:00 UTC |
| Updated | 2020-11-02 14:39:00 UTC |
| Description | The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message. |
Risk And Classification
Problem Types: CWE-399
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kvm Qumranet | Kvm | 1 | All | All | All |
| Application | Kvm Qumranet | Kvm | 10 | All | All | All |
| Application | Kvm Qumranet | Kvm | 11 | All | All | All |
| Application | Kvm Qumranet | Kvm | 12 | All | All | All |
| Application | Kvm Qumranet | Kvm | 13 | All | All | All |
| Application | Kvm Qumranet | Kvm | 14 | All | All | All |
| Application | Kvm Qumranet | Kvm | 15 | All | All | All |
| Application | Kvm Qumranet | Kvm | 16 | All | All | All |
| Application | Kvm Qumranet | Kvm | 17 | All | All | All |
| Application | Kvm Qumranet | Kvm | 18 | All | All | All |
| Application | Kvm Qumranet | Kvm | 19 | All | All | All |
| Application | Kvm Qumranet | Kvm | 2 | All | All | All |
| Application | Kvm Qumranet | Kvm | 20 | All | All | All |
| Application | Kvm Qumranet | Kvm | 21 | All | All | All |
| Application | Kvm Qumranet | Kvm | 22 | All | All | All |
| Application | Kvm Qumranet | Kvm | 23 | All | All | All |
| Application | Kvm Qumranet | Kvm | 24 | All | All | All |
| Application | Kvm Qumranet | Kvm | 25 | All | All | All |
| Application | Kvm Qumranet | Kvm | 26 | All | All | All |
| Application | Kvm Qumranet | Kvm | 27 | All | All | All |
| Application | Kvm Qumranet | Kvm | 28 | All | All | All |
| Application | Kvm Qumranet | Kvm | 29 | All | All | All |
| Application | Kvm Qumranet | Kvm | 3 | All | All | All |
| Application | Kvm Qumranet | Kvm | 30 | All | All | All |
| Application | Kvm Qumranet | Kvm | 31 | All | All | All |
| Application | Kvm Qumranet | Kvm | 32 | All | All | All |
| Application | Kvm Qumranet | Kvm | 33 | All | All | All |
| Application | Kvm Qumranet | Kvm | 34 | All | All | All |
| Application | Kvm Qumranet | Kvm | 35 | All | All | All |
| Application | Kvm Qumranet | Kvm | 36 | All | All | All |
| Application | Kvm Qumranet | Kvm | 37 | All | All | All |
| Application | Kvm Qumranet | Kvm | 38 | All | All | All |
| Application | Kvm Qumranet | Kvm | 39 | All | All | All |
| Application | Kvm Qumranet | Kvm | 4 | All | All | All |
| Application | Kvm Qumranet | Kvm | 40 | All | All | All |
| Application | Kvm Qumranet | Kvm | 41 | All | All | All |
| Application | Kvm Qumranet | Kvm | 42 | All | All | All |
| Application | Kvm Qumranet | Kvm | 43 | All | All | All |
| Application | Kvm Qumranet | Kvm | 44 | All | All | All |
| Application | Kvm Qumranet | Kvm | 45 | All | All | All |
| Application | Kvm Qumranet | Kvm | 46 | All | All | All |
| Application | Kvm Qumranet | Kvm | 47 | All | All | All |
| Application | Kvm Qumranet | Kvm | 48 | All | All | All |
| Application | Kvm Qumranet | Kvm | 49 | All | All | All |
| Application | Kvm Qumranet | Kvm | 5 | All | All | All |
| Application | Kvm Qumranet | Kvm | 50 | All | All | All |
| Application | Kvm Qumranet | Kvm | 51 | All | All | All |
| Application | Kvm Qumranet | Kvm | 52 | All | All | All |
| Application | Kvm Qumranet | Kvm | 53 | All | All | All |
| Application | Kvm Qumranet | Kvm | 54 | All | All | All |
| Application | Kvm Qumranet | Kvm | 55 | All | All | All |
| Application | Kvm Qumranet | Kvm | 56 | All | All | All |
| Application | Kvm Qumranet | Kvm | 57 | All | All | All |
| Application | Kvm Qumranet | Kvm | 58 | All | All | All |
| Application | Kvm Qumranet | Kvm | 59 | All | All | All |
| Application | Kvm Qumranet | Kvm | 6 | All | All | All |
| Application | Kvm Qumranet | Kvm | 60 | All | All | All |
| Application | Kvm Qumranet | Kvm | 61 | All | All | All |
| Application | Kvm Qumranet | Kvm | 62 | All | All | All |
| Application | Kvm Qumranet | Kvm | 63 | All | All | All |
| Application | Kvm Qumranet | Kvm | 64 | All | All | All |
| Application | Kvm Qumranet | Kvm | 65 | All | All | All |
| Application | Kvm Qumranet | Kvm | 66 | All | All | All |
| Application | Kvm Qumranet | Kvm | 67 | All | All | All |
| Application | Kvm Qumranet | Kvm | 68 | All | All | All |
| Application | Kvm Qumranet | Kvm | 69 | All | All | All |
| Application | Kvm Qumranet | Kvm | 7 | All | All | All |
| Application | Kvm Qumranet | Kvm | 70 | All | All | All |
| Application | Kvm Qumranet | Kvm | 71 | All | All | All |
| Application | Kvm Qumranet | Kvm | 72 | All | All | All |
| Application | Kvm Qumranet | Kvm | 73 | All | All | All |
| Application | Kvm Qumranet | Kvm | 74 | All | All | All |
| Application | Kvm Qumranet | Kvm | 75 | All | All | All |
| Application | Kvm Qumranet | Kvm | 76 | All | All | All |
| Application | Kvm Qumranet | Kvm | 77 | All | All | All |
| Application | Kvm Qumranet | Kvm | 78 | All | All | All |
| Application | Kvm Qumranet | Kvm | 8 | All | All | All |
| Application | Kvm Qumranet | Kvm | 9 | All | All | All |
| Application | Kvm Qumranet | Kvm | 1 | All | All | All |
| Application | Kvm Qumranet | Kvm | 10 | All | All | All |
| Application | Kvm Qumranet | Kvm | 11 | All | All | All |
| Application | Kvm Qumranet | Kvm | 12 | All | All | All |
| Application | Kvm Qumranet | Kvm | 13 | All | All | All |
| Application | Kvm Qumranet | Kvm | 14 | All | All | All |
| Application | Kvm Qumranet | Kvm | 15 | All | All | All |
| Application | Kvm Qumranet | Kvm | 16 | All | All | All |
| Application | Kvm Qumranet | Kvm | 17 | All | All | All |
| Application | Kvm Qumranet | Kvm | 18 | All | All | All |
| Application | Kvm Qumranet | Kvm | 19 | All | All | All |
| Application | Kvm Qumranet | Kvm | 2 | All | All | All |
| Application | Kvm Qumranet | Kvm | 20 | All | All | All |
| Application | Kvm Qumranet | Kvm | 21 | All | All | All |
| Application | Kvm Qumranet | Kvm | 22 | All | All | All |
| Application | Kvm Qumranet | Kvm | 23 | All | All | All |
| Application | Kvm Qumranet | Kvm | 24 | All | All | All |
| Application | Kvm Qumranet | Kvm | 25 | All | All | All |
| Application | Kvm Qumranet | Kvm | 26 | All | All | All |
| Application | Kvm Qumranet | Kvm | 27 | All | All | All |
| Application | Kvm Qumranet | Kvm | 28 | All | All | All |
| Application | Kvm Qumranet | Kvm | 29 | All | All | All |
| Application | Kvm Qumranet | Kvm | 3 | All | All | All |
| Application | Kvm Qumranet | Kvm | 30 | All | All | All |
| Application | Kvm Qumranet | Kvm | 31 | All | All | All |
| Application | Kvm Qumranet | Kvm | 32 | All | All | All |
| Application | Kvm Qumranet | Kvm | 33 | All | All | All |
| Application | Kvm Qumranet | Kvm | 34 | All | All | All |
| Application | Kvm Qumranet | Kvm | 35 | All | All | All |
| Application | Kvm Qumranet | Kvm | 36 | All | All | All |
| Application | Kvm Qumranet | Kvm | 37 | All | All | All |
| Application | Kvm Qumranet | Kvm | 38 | All | All | All |
| Application | Kvm Qumranet | Kvm | 39 | All | All | All |
| Application | Kvm Qumranet | Kvm | 4 | All | All | All |
| Application | Kvm Qumranet | Kvm | 40 | All | All | All |
| Application | Kvm Qumranet | Kvm | 41 | All | All | All |
| Application | Kvm Qumranet | Kvm | 42 | All | All | All |
| Application | Kvm Qumranet | Kvm | 43 | All | All | All |
| Application | Kvm Qumranet | Kvm | 44 | All | All | All |
| Application | Kvm Qumranet | Kvm | 45 | All | All | All |
| Application | Kvm Qumranet | Kvm | 46 | All | All | All |
| Application | Kvm Qumranet | Kvm | 47 | All | All | All |
| Application | Kvm Qumranet | Kvm | 48 | All | All | All |
| Application | Kvm Qumranet | Kvm | 49 | All | All | All |
| Application | Kvm Qumranet | Kvm | 5 | All | All | All |
| Application | Kvm Qumranet | Kvm | 50 | All | All | All |
| Application | Kvm Qumranet | Kvm | 51 | All | All | All |
| Application | Kvm Qumranet | Kvm | 52 | All | All | All |
| Application | Kvm Qumranet | Kvm | 53 | All | All | All |
| Application | Kvm Qumranet | Kvm | 54 | All | All | All |
| Application | Kvm Qumranet | Kvm | 55 | All | All | All |
| Application | Kvm Qumranet | Kvm | 56 | All | All | All |
| Application | Kvm Qumranet | Kvm | 57 | All | All | All |
| Application | Kvm Qumranet | Kvm | 58 | All | All | All |
| Application | Kvm Qumranet | Kvm | 59 | All | All | All |
| Application | Kvm Qumranet | Kvm | 6 | All | All | All |
| Application | Kvm Qumranet | Kvm | 60 | All | All | All |
| Application | Kvm Qumranet | Kvm | 61 | All | All | All |
| Application | Kvm Qumranet | Kvm | 62 | All | All | All |
| Application | Kvm Qumranet | Kvm | 63 | All | All | All |
| Application | Kvm Qumranet | Kvm | 64 | All | All | All |
| Application | Kvm Qumranet | Kvm | 65 | All | All | All |
| Application | Kvm Qumranet | Kvm | 66 | All | All | All |
| Application | Kvm Qumranet | Kvm | 67 | All | All | All |
| Application | Kvm Qumranet | Kvm | 68 | All | All | All |
| Application | Kvm Qumranet | Kvm | 69 | All | All | All |
| Application | Kvm Qumranet | Kvm | 7 | All | All | All |
| Application | Kvm Qumranet | Kvm | 70 | All | All | All |
| Application | Kvm Qumranet | Kvm | 71 | All | All | All |
| Application | Kvm Qumranet | Kvm | 72 | All | All | All |
| Application | Kvm Qumranet | Kvm | 73 | All | All | All |
| Application | Kvm Qumranet | Kvm | 74 | All | All | All |
| Application | Kvm Qumranet | Kvm | 75 | All | All | All |
| Application | Kvm Qumranet | Kvm | 76 | All | All | All |
| Application | Kvm Qumranet | Kvm | 77 | All | All | All |
| Application | Kvm Qumranet | Kvm | 78 | All | All | All |
| Application | Kvm Qumranet | Kvm | 8 | All | All | All |
| Application | Kvm Qumranet | Kvm | 9 | All | All | All |
| Application | Kvm Qumranet | Kvm | All | All | All | All |
| Application | Qemu | Qemu | 0.1.0 | All | All | All |
| Application | Qemu | Qemu | 0.1.1 | All | All | All |
| Application | Qemu | Qemu | 0.1.2 | All | All | All |
| Application | Qemu | Qemu | 0.1.3 | All | All | All |
| Application | Qemu | Qemu | 0.1.4 | All | All | All |
| Application | Qemu | Qemu | 0.1.5 | All | All | All |
| Application | Qemu | Qemu | 0.1.6 | All | All | All |
| Application | Qemu | Qemu | 0.2.0 | All | All | All |
| Application | Qemu | Qemu | 0.3.0 | All | All | All |
| Application | Qemu | Qemu | 0.4.0 | All | All | All |
| Application | Qemu | Qemu | 0.4.1 | All | All | All |
| Application | Qemu | Qemu | 0.4.2 | All | All | All |
| Application | Qemu | Qemu | 0.4.3 | All | All | All |
| Application | Qemu | Qemu | 0.5.0 | All | All | All |
| Application | Qemu | Qemu | 0.5.1 | All | All | All |
| Application | Qemu | Qemu | 0.5.2 | All | All | All |
| Application | Qemu | Qemu | 0.5.3 | All | All | All |
| Application | Qemu | Qemu | 0.5.4 | All | All | All |
| Application | Qemu | Qemu | 0.5.5 | All | All | All |
| Application | Qemu | Qemu | 0.6.0 | All | All | All |
| Application | Qemu | Qemu | 0.6.1 | All | All | All |
| Application | Qemu | Qemu | 0.7.0 | All | All | All |
| Application | Qemu | Qemu | 0.7.1 | All | All | All |
| Application | Qemu | Qemu | 0.7.2 | All | All | All |
| Application | Qemu | Qemu | 0.8.0 | All | All | All |
| Application | Qemu | Qemu | 0.8.1 | All | All | All |
| Application | Qemu | Qemu | 0.8.2 | All | All | All |
| Application | Qemu | Qemu | 0.9.0 | All | All | All |
| Application | Qemu | Qemu | All | All | All | All |
| Application | Qemu | Qemu | 0.1.0 | All | All | All |
| Application | Qemu | Qemu | 0.1.1 | All | All | All |
| Application | Qemu | Qemu | 0.1.2 | All | All | All |
| Application | Qemu | Qemu | 0.1.3 | All | All | All |
| Application | Qemu | Qemu | 0.1.4 | All | All | All |
| Application | Qemu | Qemu | 0.1.5 | All | All | All |
| Application | Qemu | Qemu | 0.1.6 | All | All | All |
| Application | Qemu | Qemu | 0.2.0 | All | All | All |
| Application | Qemu | Qemu | 0.3.0 | All | All | All |
| Application | Qemu | Qemu | 0.4.0 | All | All | All |
| Application | Qemu | Qemu | 0.4.1 | All | All | All |
| Application | Qemu | Qemu | 0.4.2 | All | All | All |
| Application | Qemu | Qemu | 0.4.3 | All | All | All |
| Application | Qemu | Qemu | 0.5.0 | All | All | All |
| Application | Qemu | Qemu | 0.5.1 | All | All | All |
| Application | Qemu | Qemu | 0.5.2 | All | All | All |
| Application | Qemu | Qemu | 0.5.3 | All | All | All |
| Application | Qemu | Qemu | 0.5.4 | All | All | All |
| Application | Qemu | Qemu | 0.5.5 | All | All | All |
| Application | Qemu | Qemu | 0.6.0 | All | All | All |
| Application | Qemu | Qemu | 0.6.1 | All | All | All |
| Application | Qemu | Qemu | 0.7.0 | All | All | All |
| Application | Qemu | Qemu | 0.7.1 | All | All | All |
| Application | Qemu | Qemu | 0.7.2 | All | All | All |
| Application | Qemu | Qemu | 0.8.0 | All | All | All |
| Application | Qemu | Qemu | 0.8.1 | All | All | All |
| Application | Qemu | Qemu | 0.8.2 | All | All | All |
| Application | Qemu | Qemu | 0.9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| KVM VNC "protocol_client_msg()" Denial of Service - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | |
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:002 | SUSE | lists.opensuse.org | |
| Ubuntu update for kvm - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| SecurityReason - CORE-2008-1210: Qemu and KVM VNC server remote DoS | SREASON | securityreason.com | |
| KVM VNC Server Bug in protocol_client_msg() Lets Remote Users Deny Service - SecurityTracker | SECTRACK | securitytracker.com | Exploit |
| QEMU VNC "protocol_client_msg()" Denial of Service - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Fedora update for kvm - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Qemu VNC Server Bug in protocol_client_msg() Lets Remote Users Deny Service - SecurityTracker | SECTRACK | securitytracker.com | |
| [SECURITY] Fedora 9 Update: kvm-65-15.fc9 | FEDORA | www.redhat.com | |
| USN-776-1: KVM vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 | SUSE | lists.opensuse.org | |
| Core Security Technologies | MISC | www.coresecurity.com | |
| QEMU and KVM VNC Server Remote Denial of Service Vulnerability | BID | www.securityfocus.com | Exploit |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2009-01-05 | Mark J Cox | Not vulnerable. This issue did not affect the version of the Xen package as shipped with Red Hat Enterprise Linux 5. |
There are currently no legacy QID mappings associated with this CVE.