CVE-2007-5729
Last modified
CVE-2007-5729 is a vulnerability of currently unknown severity. The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | 0.8.2 |
| Debian | Debian Linux | 3.1 |
| Debian | Debian Linux | 4.0 |
| Opensuse | Opensuse | 11.0 |
| Opensuse | Opensuse | 11.1 |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlMailing List, Third Party Advisory
- http://osvdb.org/42986Broken Link
- http://secunia.com/advisories/25073Third Party Advisory
- http://secunia.com/advisories/25095Third Party Advisory
- http://secunia.com/advisories/27486Third Party Advisory
- http://secunia.com/advisories/29129Third Party Advisory
- http://secunia.com/advisories/33568Third Party Advisory
- http://taviso.decsystem.org/virtsec.pdfTechnical Description, Third Party Advisory
- http://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
- http://www.debian.org/security/2007/dsa-1284Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
- http://www.securityfocus.com/bid/23731Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2007/1597Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38238Third Party Advisory, VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlMailing List, Third Party Advisory
- http://osvdb.org/42986Broken Link
- http://secunia.com/advisories/25073Third Party Advisory
- http://secunia.com/advisories/25095Third Party Advisory
- http://secunia.com/advisories/27486Third Party Advisory
- http://secunia.com/advisories/29129Third Party Advisory
- http://secunia.com/advisories/33568Third Party Advisory
- http://taviso.decsystem.org/virtsec.pdfTechnical Description, Third Party Advisory
- http://www.attrition.org/pipermail/vim/2007-October/001842.htmlThird Party Advisory
- http://www.debian.org/security/2007/dsa-1284Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:203Third Party Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162Third Party Advisory
- http://www.securityfocus.com/bid/23731Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2007/1597Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38238Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-5729?
How severe is CVE-2007-5729?
How do I fix CVE-2007-5729?
Are you affected by CVE-2007-5729?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST