the original cloud security
Showing 1 - 3 of 3 RSS Feed

CVE-2007-1321

Status Candidate

Overview

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Related Files

Mandriva Linux Security Advisory 2008-162
Posted Aug 8, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities have been found in Qemu. Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to attempting to mark non-existent regions as dirty, aka the bitblt heap overflow. Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 receive integer signedness error. QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by aam 0x0, which triggers a divide-by-zero error. The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 mtu heap overflow. Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the net socket listen option, aka QEMU net socket heap overflow. QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an overflow, via certain Windows executable programs, as demonstrated by qemu-dos.com. Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. Changing removable media in QEMU could trigger a bug similar to CVE-2008-2004, which would allow local guest users to read arbitrary files on the host by modifying the header of the image to identify a different format. the -usbdevice option. The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted. The updated packages have been patched to fix these issues.

tags | advisory, overflow, arbitrary, local, root, vulnerability
systems | linux, windows, xp, mandriva
advisories | CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1366, CVE-2007-5729, CVE-2007-5730, CVE-2007-6227, CVE-2008-0928, CVE-2008-1945, CVE-2008-2004
MD5 | ba2676a4e1bd86995d3d231aa78a7286
Mandriva Linux Security Advisory 2007.203
Posted Nov 1, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Tavis Ormandy also discovered insufficient input validation leading to a heap overflow in the NE2000 network driver in Xen. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Steve Kemp found that xen-utils used insecure temporary files within the xenmon tool that could allow local users to truncate arbitrary files. Joris van Rantwijk discovered a flaw in Pygrub, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully-crafted grub.conf file which could trigger the execution of arbitrary code outside of that domain.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-4993, CVE-2007-3919, CVE-2007-1321, CVE-2007-5729, CVE-2007-5730, CVE-2007-1320
MD5 | ff8364f820413cda18b424722daf1611
Debian Linux Security Advisory 1284-1
Posted May 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1284-1 - Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323, CVE-2007-1366
MD5 | a5ad94f8fbef772a2d5bf4057e0f45b9
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close