Lucene search

[email protected]CVE-2007-1321

HistoryOct 30, 2007 - 10:46 p.m.

CVE-2007-1321

2007-10-3022:46:00

[email protected]

web.nvd.nist.gov

cve-2007-1321

qemu

ne2000 emulator

integer signedness error

heap-based buffer overflow

xen

nvd

cve-2007-5729

cve-2007-5730

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.0%

JSON

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 “receive” integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled “NE2000 network driver and the socket code,” but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Affected configurations

NVD

Node

qemuqemuMatch0.8.2

AND

xenxenMatch-

Node

fedoraprojectfedoraMatch7

fedoraprojectfedora_coreMatch6

Node

debiandebian_linuxMatch3.1

debiandebian_linuxMatch4.0

CPENameOperatorVersion
qemu:qemuqemueq0.8.2

CPE	Name	Operator	Version
qemu:qemu	qemu	eq	0.8.2

References

osvdb.org/35495

secunia.com/advisories/25073

secunia.com/advisories/25095

secunia.com/advisories/27047

secunia.com/advisories/27072

secunia.com/advisories/27103

secunia.com/advisories/27486

secunia.com/advisories/29129

securitytracker.com/id?1018761

taviso.decsystem.org/virtsec.pdf

www.attrition.org/pipermail/vim/2007-October/001842.html

www.debian.org/security/2007/dsa-1284

www.mandriva.com/security/advisories?name=MDKSA-2007:203

www.mandriva.com/security/advisories?name=MDVSA-2008:162

www.redhat.com/support/errata/RHSA-2007-0323.html

www.securityfocus.com/bid/23731

www.vupen.com/english/advisories/2007/1597

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302

www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html

www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html

www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html

Social References

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.0%

JSON

Related for CVE-2007-1321

prion3 nvd3 ubuntucve3 debiancve3 cvelist3 redhatcve1 cve2 veracode2 openvas22 nessus19 fedora4 oraclelinux2 redhat2 centos2 debian1 osv1 freebsd1