CVE-2008-4539 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4539
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4539

Description: Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/47736 UBUNTU http://www.ubuntu.com/usn/usn-776-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html SAID Secunia Advisory: SA35062 Secunia Advisory: SA35031 Secunia Advisory: SA29129 Secunia Advisory: SA33350 Secunia Advisory: SA34642 Secunia Advisory: SA25073 MLIST http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg09322.html http://www.mail-archive.com/cvs-all@freebsd.org/msg129730.html FEDORA DEBIAN http://www.debian.org/security/2009/dsa-1799 CONFIRM http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587 http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069

Return to the previous page.