CVE-2007-2893 (GCVE-0-2007-2893)
Vulnerability from cvelistv5
Published
2007-05-30 01:00
Modified
2024-08-07 13:57
Severity ?
CWE
  • n/a
Summary
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
References
cve@mitre.org http://bugs.gentoo.org/show_bug.cgi?id=188148 Third Party Advisory
cve@mitre.org http://osvdb.org/36799 Broken Link
cve@mitre.org http://secunia.com/advisories/25470 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/26364 Third Party Advisory
cve@mitre.org http://secunia.com/advisories/27715 Third Party Advisory
cve@mitre.org http://security.gentoo.org/glsa/glsa-200711-21.xml Third Party Advisory
cve@mitre.org http://taviso.decsystem.org/virtsec.pdf Third Party Advisory
cve@mitre.org http://www.debian.org/security/2007/dsa-1351 Third Party Advisory
cve@mitre.org http://www.securityfocus.com/bid/24246 Third Party Advisory, VDB Entry
cve@mitre.org http://www.vupen.com/english/advisories/2007/1936 Third Party Advisory
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/34508 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://bugs.gentoo.org/show_bug.cgi?id=188148 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://osvdb.org/36799 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25470 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/26364 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/27715 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200711-21.xml Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://taviso.decsystem.org/virtsec.pdf Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2007/dsa-1351 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24246 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2007/1936 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/34508 Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
          },
          {
            "name": "27715",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27715"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://taviso.decsystem.org/virtsec.pdf"
          },
          {
            "name": "26364",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26364"
          },
          {
            "name": "bochs-ne2000-bo(34508)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
          },
          {
            "name": "GLSA-200711-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
          },
          {
            "name": "36799",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36799"
          },
          {
            "name": "DSA-1351",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1351"
          },
          {
            "name": "24246",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24246"
          },
          {
            "name": "ADV-2007-1936",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1936"
          },
          {
            "name": "25470",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25470"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
        },
        {
          "name": "27715",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27715"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://taviso.decsystem.org/virtsec.pdf"
        },
        {
          "name": "26364",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26364"
        },
        {
          "name": "bochs-ne2000-bo(34508)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
        },
        {
          "name": "GLSA-200711-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
        },
        {
          "name": "36799",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36799"
        },
        {
          "name": "DSA-1351",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1351"
        },
        {
          "name": "24246",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24246"
        },
        {
          "name": "ADV-2007-1936",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1936"
        },
        {
          "name": "25470",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25470"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-2893",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \"RX Frame heap overflow.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=188148",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=188148"
            },
            {
              "name": "27715",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27715"
            },
            {
              "name": "http://taviso.decsystem.org/virtsec.pdf",
              "refsource": "MISC",
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "26364",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26364"
            },
            {
              "name": "bochs-ne2000-bo(34508)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34508"
            },
            {
              "name": "GLSA-200711-21",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200711-21.xml"
            },
            {
              "name": "36799",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36799"
            },
            {
              "name": "DSA-1351",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1351"
            },
            {
              "name": "24246",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24246"
            },
            {
              "name": "ADV-2007-1936",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1936"
            },
            {
              "name": "25470",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25470"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-2893",
    "datePublished": "2007-05-30T01:00:00",
    "dateReserved": "2007-05-29T00:00:00",
    "dateUpdated": "2024-08-07T13:57:54.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-2893\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-05-30T01:30:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka \\\"RX Frame heap overflow.\\\"\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en la regi\u00f3n heap de la memoria en la funci\u00f3n bx_ne2k_c::rx_frame en el archivo iodev/ne2k.cc en el dispositivo NE2000 emulado en Bochs versi\u00f3n 2.3, permite a usuarios locales del sistema operativo invitado escribir en ubicaciones de memoria arbitrarias y alcanzar privilegios en el sistema operativo host por medio de vectores que causan que los valores de registro TXCNT excedan el tama\u00f1o de la memoria del dispositivo, tambi\u00e9n se conoce como \\\"RX Frame heap overflow.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bochs_project:bochs:2.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"373CA72E-D731-4433-88E8-72C09EAE1796\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=188148\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/36799\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/25470\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/26364\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27715\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200711-21.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://taviso.decsystem.org/virtsec.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2007/dsa-1351\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/24246\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1936\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34508\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=188148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/36799\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/25470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/26364\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200711-21.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://taviso.decsystem.org/virtsec.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2007/dsa-1351\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/24246\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/34508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.\",\"lastModified\":\"2007-11-02T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.