CVE-2007-5729
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.2%
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 “mtu” heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of “NE2000 network driver and the socket code,” but this is the correct identifier for the mtu overflow vulnerability.
Affected configurations
References
lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
osvdb.org/42986
secunia.com/advisories/25073
secunia.com/advisories/25095
secunia.com/advisories/27486
secunia.com/advisories/29129
secunia.com/advisories/33568
taviso.decsystem.org/virtsec.pdf
www.attrition.org/pipermail/vim/2007-October/001842.html
www.debian.org/security/2007/dsa-1284
www.mandriva.com/security/advisories?name=MDKSA-2007:203
www.mandriva.com/security/advisories?name=MDVSA-2008:162
www.securityfocus.com/bid/23731
www.vupen.com/english/advisories/2007/1597
exchange.xforce.ibmcloud.com/vulnerabilities/38238
Social References
More
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.2%