Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.6
CVE Id CVE-2007-5729
Last Modified 07 Mar 2011 10:01:12
Published 30 Oct 2007 06:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-5729

Summary

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.

Vulnerable Systems

Application

  • Fabrice Bellard Qemu 0.8.2


References

VUPEN - ADV-2007-1597

MANDRIVA - MDVSA-2008:162

DEBIAN - DSA-1284

MISC - http://taviso.decsystem.org/virtsec.pdf

SECUNIA - 33568

SECUNIA - 29129

OSVDB - 42986

SUSE - SUSE-SR:2009:002

XF - qemu-ne2000-code-execution(38238)

BID - 23731

MANDRIVA - MDKSA-2007:203

VIM - 20071030 Clarification on old QEMU/NE2000/Xen issues

SECUNIA - 27486

SECUNIA - 25095

SECUNIA - 25073


Last Updated: 27 May 2016 10:46:15