// For flags

CVE-2008-4539

 

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

Desbordamiento de búfer basado en montículo en la implementación Cirrus VGA en (1) KVM anterior a kvm-82 y (2) QEMU sobre Debian GNU/Linux y Ubuntu, podría permitir a usuarios locales obtener privilegios mediante el uso de la consola VNC para realizar una conexión, también conocido como el desbordamiento LGD-54XX "bitblt". NOTA: esta cuestión existe por una incorrecta corrección del CVE-2007-1320.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-10-13 CVE Reserved
  • 2008-12-29 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (20)
URL Tag Source
http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069 X_refsource_confirm
http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source Mailing List
http://secunia.com/advisories/25073 Third Party Advisory
http://secunia.com/advisories/29129 Third Party Advisory
http://secunia.com/advisories/33350 Third Party Advisory
http://secunia.com/advisories/34642 Third Party Advisory
http://secunia.com/advisories/35031 Third Party Advisory
http://secunia.com/advisories/35062 Third Party Advisory
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587 Third Party Advisory
http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html Mailing List
http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=237342 Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=448525 Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=466890 Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/47736 Third Party Advisory
https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html 2023-11-07
http://www.debian.org/security/2009/dsa-1799 2023-11-07
http://www.ubuntu.com/usn/usn-776-1 2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html 2023-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kvm Qumranet
Search vendor "Kvm Qumranet"
 Kvm
Search vendor "Kvm Qumranet" for product "Kvm"
 <= 81
Search vendor "Kvm Qumranet" for product "Kvm" and version " <= 81"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
--
Safe
Kvm Qumranet
Search vendor "Kvm Qumranet"
 Kvm
Search vendor "Kvm Qumranet" for product "Kvm"
 <= 81
Search vendor "Kvm Qumranet" for product "Kvm" and version " <= 81"
-
Affected
in Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
--
Safe
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 < 0.10.0
Search vendor "Qemu" for product "Qemu" and version " < 0.10.0"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
--
Safe
Qemu
Search vendor "Qemu"
 Qemu
Search vendor "Qemu" for product "Qemu"
 < 0.10.0
Search vendor "Qemu" for product "Qemu" and version " < 0.10.0"
-
Affected
in Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
--
Safe
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected