Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5730

Overview

Vulnerability Score 6.6 6.6
CVE Id CVE-2007-5730
Last Modified 27 Aug 2013 01:50:11
Published 30 Oct 2007 06:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-5730

Summary

Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.

Vulnerable Systems

Application

  • Fabrice Bellard Qemu 0.8.2


References

XF - qemu-net-socket-bo(38239)

VUPEN - ADV-2007-1597

BID - 23731

REDHAT - RHSA-2008:0194

MANDRIVA - MDVSA-2008:162

MANDRIVA - MDKSA-2007:203

DEBIAN - DSA-1284

VIM - 20071030 Clarification on old QEMU/NE2000/Xen issues

MISC - http://taviso.decsystem.org/virtsec.pdf

SECUNIA - 29963

SECUNIA - 29129

SECUNIA - 27486

SECUNIA - 25095

SECUNIA - 25073

OSVDB - 42985


Last Updated: 27 May 2016 10:46:15