FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1321

This CVE name corresponds to:

Entered Topic
2007-05-01 qemu -- several vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-1321 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-1321
Phase Assigned(20070307)

Description

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

References

Source Reference
MISC http://taviso.decsystem.org/virtsec.pdf
DEBIAN DSA-1284
FEDORA FEDORA-2007-2270
FEDORA FEDORA-2007-713
FEDORA FEDORA-2007-2708
MANDRIVA MDKSA-2007:203
MANDRIVA MDVSA-2008:162
REDHAT RHSA-2007:0323
VIM 20071030 Clarification on old QEMU/NE2000/Xen issues
BID 23731
OSVDB 35495
OVAL oval:org.mitre.oval:def:9302
VUPEN ADV-2007-1597
SECTRACK 1018761
SECUNIA 27072
SECUNIA 27103
SECUNIA 27486
SECUNIA 25073
SECUNIA 25095
SECUNIA 27047
SECUNIA 29129

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.