ID CVE-2007-1320
Summary Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
    cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 15-12-2020 - 23:52)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:04:32.949-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
family unix
id oval:org.mitre.oval:def:10315
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0323
rpms
  • xen-0:3.0.3-25.0.4.el5
  • xen-debuginfo-0:3.0.3-25.0.4.el5
  • xen-devel-0:3.0.3-25.0.4.el5
  • xen-libs-0:3.0.3-25.0.4.el5
refmap via4
bid 23731
debian
  • DSA-1284
  • DSA-1384
fedora
  • FEDORA-2007-713
  • FEDORA-2008-4386
  • FEDORA-2008-4604
mandriva
  • MDKSA-2007:203
  • MDVSA-2008:162
misc http://taviso.decsystem.org/virtsec.pdf
osvdb 35494
secunia
  • 25073
  • 25095
  • 27047
  • 27085
  • 27103
  • 27486
  • 29129
  • 30413
  • 33568
suse SUSE-SR:2009:002
vupen ADV-2007-1597
Last major update 15-12-2020 - 23:52
Published 02-05-2007 - 17:19
Last modified 15-12-2020 - 23:52
Back to Top