CVE-2007-5729
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
El emulador NE2000 en QEMU 0.8.2 permite a usuarios locales ejecutar código de su elección a través de la escritura de la estructura ethernet con un tamaño mayor que el MTU en el registro EN0_TCNT, lo cual dispara un desbordamiento de búfer basado en pila en la libreria slirp, también conocida como desbordamiento de pila NE2000 "mtu". NOTA: algunas fuentes han utilizado CVE-2007-1321 para referenciar este asunto como una parte de "el controlado de red NE2000 y el código de conexión," pero este es el indentificador correcto para la vulnerabilidad de desbordamiento de mtu.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-30 CVE Reserved
- 2007-10-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/42986 | Broken Link | |
| http://secunia.com/advisories/25073 | Third Party Advisory | |
| http://secunia.com/advisories/25095 | Third Party Advisory | |
| http://secunia.com/advisories/27486 | Third Party Advisory | |
| http://secunia.com/advisories/29129 | Third Party Advisory | |
| http://secunia.com/advisories/33568 | Third Party Advisory | |
| http://taviso.decsystem.org/virtsec.pdf | Technical Description | |
| http://www.attrition.org/pipermail/vim/2007-October/001842.html | Mailing List | |
| http://www.securityfocus.com/bid/23731 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2007/1597 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38238 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qemu Search vendor "Qemu" | Qemu Search vendor "Qemu" for product "Qemu" | 0.8.2 Search vendor "Qemu" for product "Qemu" and version "0.8.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.1 Search vendor "Debian" for product "Debian Linux" and version "3.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.0 Search vendor "Opensuse" for product "Opensuse" and version "11.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1" | - |
Affected
| ||||||