CVE-2007-1321

2007-10-3000:00:00

ubuntu.com

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile

10.1%

JSON

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in
Xen and possibly other products, allows local users to trigger a heap-based
buffer overflow via certain register values that bypass sanity checks, aka
QEMU NE2000 “receive” integer signedness error. NOTE: this identifier was
inadvertently used by some sources to cover multiple issues that were
labeled “NE2000 network driver and the socket code,” but separate
identifiers have been created for the individual vulnerabilities since
there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Notes

Author	Note
jdstrand	kvm contains qemu (0.9.1 on hardy) kvm does not use ne2000 by default

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchkvm< 1:62+dfsg-0ubuntu3UNKNOWN
ubuntu8.10noarchkvm< 1:62+dfsg-0ubuntu3UNKNOWN
ubuntu9.04noarchkvm< 1:62+dfsg-0ubuntu3UNKNOWN
ubuntu7.10noarchqemu< 0.9.0-2ubuntu2UNKNOWN
ubuntu7.10noarchxen-3.1< 3.1.0-0ubuntu18UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	kvm	< 1:62+dfsg-0ubuntu3	UNKNOWN
ubuntu	8.10	noarch	kvm	< 1:62+dfsg-0ubuntu3	UNKNOWN
ubuntu	9.04	noarch	kvm	< 1:62+dfsg-0ubuntu3	UNKNOWN
ubuntu	7.10	noarch	qemu	< 0.9.0-2ubuntu2	UNKNOWN
ubuntu	7.10	noarch	xen-3.1	< 3.1.0-0ubuntu18	UNKNOWN