ID CVE-2007-1321
Summary Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
References
Vulnerable Configurations
  • cpe:2.3:a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xen:xen:*:*:*:*:*:*:*:*
    cpe:2.3:a:xen:xen:*:*:*:*:*:*:*:*
CVSS
Base: 6.6 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:S/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:18:41.172-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
family unix
id oval:org.mitre.oval:def:9302
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0323
rpms
  • xen-0:3.0.3-25.0.4.el5
  • xen-devel-0:3.0.3-25.0.4.el5
  • xen-libs-0:3.0.3-25.0.4.el5
refmap via4
bid 23731
debian DSA-1284
fedora
  • FEDORA-2007-2270
  • FEDORA-2007-2708
  • FEDORA-2007-713
mandriva
  • MDKSA-2007:203
  • MDVSA-2008:162
misc http://taviso.decsystem.org/virtsec.pdf
osvdb 35495
sectrack 1018761
secunia
  • 25073
  • 25095
  • 27047
  • 27072
  • 27103
  • 27486
  • 29129
vim 20071030 Clarification on old QEMU/NE2000/Xen issues
vupen ADV-2007-1597
Last major update 11-10-2017 - 01:31
Published 30-10-2007 - 22:46
Back to Top