Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 “receive” integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled “NE2000 network driver and the socket code,” but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
osvdb.org/35495
secunia.com/advisories/25073
secunia.com/advisories/25095
secunia.com/advisories/27047
secunia.com/advisories/27072
secunia.com/advisories/27103
secunia.com/advisories/27486
secunia.com/advisories/29129
securitytracker.com/id?1018761
taviso.decsystem.org/virtsec.pdf
www.attrition.org/pipermail/vim/2007-October/001842.html
www.debian.org/security/2007/dsa-1284
www.mandriva.com/security/advisories?name=MDKSA-2007:203
www.mandriva.com/security/advisories?name=MDVSA-2008:162
www.redhat.com/support/errata/RHSA-2007-0323.html
www.securityfocus.com/bid/23731
www.vupen.com/english/advisories/2007/1597
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302
www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html
www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html