CVE-2007-5729

Vulnerability Description

The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlMailing ListThird Party Advisory
• http://osvdb.org/42986Broken Link
• http://secunia.com/advisories/25073Third Party Advisory
• http://secunia.com/advisories/25095Third Party Advisory
• http://secunia.com/advisories/27486Third Party Advisory
• http://secunia.com/advisories/29129Third Party Advisory
• http://secunia.com/advisories/33568Third Party Advisory
• http://taviso.decsystem.org/virtsec.pdfTechnical DescriptionThird Party Advisory
• http://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
• http://www.debian.org/security/2007/dsa-1284Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
• http://www.securityfocus.com/bid/23731Third Party AdvisoryVDB Entry
• http://www.vupen.com/english/advisories/2007/1597Third Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38238Third Party AdvisoryVDB Entry