CVE-2007-1321 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1321
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1321

Description: Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

CVE Status: Candidate

References: VIM http://www.attrition.org/pipermail/vim/2007-October/001842.html ST 1018761 SAID Secunia Advisory: SA27072 Secunia Advisory: SA27103 Secunia Advisory: SA27486 Secunia Advisory: SA25073 Secunia Advisory: SA25095 Secunia Advisory: SA27047 Secunia Advisory: SA29129 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0323.html MISC http://taviso.decsystem.org/virtsec.pdf MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1284 BID 23731

Return to the previous page.