CVE-2007-1320: Buffer Overflow
First published: Fri Apr 20 2007(Updated: )
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/xen | <0:3.0.3-25.0.4.el5 | 0:3.0.3-25.0.4.el5 |
| redhat/65 | <7. | 7. |
| Fedora | =9 | |
| Fedora | =8 | |
| Fedora Core | =6 | |
| openSUSE libeconf | =11.1 | |
| openSUSE libeconf | =11.0 | |
| Debian | =3.1 | |
| Debian | =4.0 | |
| QEMU KVM | =0.8.2 | |
| Xen XAPI |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://taviso.decsystem.org/virtsec.pdf
- http://www.debian.org/security/2007/dsa-1284
- http://www.securityfocus.com/bid/23731
- http://secunia.com/advisories/25073
- http://secunia.com/advisories/25095
- http://www.debian.org/security/2007/dsa-1384
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
- http://www.redhat.com/support/errata/RHSA-2007-0323.html
- http://secunia.com/advisories/27085
- http://secunia.com/advisories/27103
- http://secunia.com/advisories/27486
- http://secunia.com/advisories/27047
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html
- http://secunia.com/advisories/30413
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
- http://secunia.com/advisories/29129
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
- http://secunia.com/advisories/33568
- http://www.vupen.com/english/advisories/2007/1597
- http://osvdb.org/35494
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315
- http://xenbits.xensource.com/xen-unstable.hg?rev/9e86260b95a4
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4340
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=448524
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=237342#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=237342#c12
- http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=bfe312121eb80226f0cb2d4b7c2b9b5fafecd93e
- https://access.redhat.com/security/cve/CVE-2007-1320
- http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=b2eb849d4b1fdb6f35d5c46958c7f703cf64cfef
- http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069
- https://access.redhat.com/security/cve/CVE-2008-4539
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=237342#c1
- http://xenbits.xensource.com/xen-3.1-testing.hg?file/623a07dda15c/tools/ioemu/patches/qemu-cirrus-bounds-checks
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=b2eb849d4b1fdb6f35d5c46958c7f703cf64cfef
- http://git.qemu.org/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1169454
- https://access.redhat.com/security/cve/CVE-2014-8106
- https://bugzilla.redhat.com/show_bug.cgi?id=237342
- https://www.cve.org/CVERecord?id=CVE-2007-1320 https://nvd.nist.gov/vuln/detail/CVE-2007-1320
- https://access.redhat.com/errata/RHSA-2007:0323
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1320.json
Frequently Asked Questions
What is the severity of CVE-2007-1320?
CVE-2007-1320 is considered to have a high severity due to potential local code execution vulnerabilities.
How do I fix CVE-2007-1320?
To fix CVE-2007-1320, upgrade QEMU to a version later than 0.8.2 or apply patches provided by your operating system vendor.
Which software is affected by CVE-2007-1320?
CVE-2007-1320 affects QEMU version 0.8.2, as well as various distributions utilizing this version, such as Red Hat Xen and several Fedora and Debian releases.
Is CVE-2007-1320 a remote or local vulnerability?
CVE-2007-1320 is classified as a local vulnerability, allowing local users to execute arbitrary code.
What type of vulnerability is CVE-2007-1320?
CVE-2007-1320 is a heap-based buffer overflow vulnerability.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/redhat-cve
- source/Red Hat
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- alias/CVE-2007-1320
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- vendor/fedoraproject
- canonical/fedora
- version/fedora/9
- version/fedora/8
- canonical/fedora core
- version/fedora core/6
- vendor/opensuse
- canonical/opensuse libeconf
- version/opensuse libeconf/11.1
- version/opensuse libeconf/11.0
- vendor/debian
- canonical/debian
- version/debian/3.1
- version/debian/4.0
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/0.8.2
- vendor/xen
- canonical/xen xapi