CVE-2007-1321: Buffer Overflow
First published: Tue Oct 30 2007(Updated: )
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedora | =7 | |
| Fedora | =6 | |
| Debian | =3.1 | |
| Debian | =4.0 | |
| QEMU KVM | =0.8.2 | |
| Xen xen-unstable | ||
| Fedoraproject Fedora | =7 | |
| fedoraproject fedora core | =6 | |
| Debian Debian Linux | =3.1 | |
| Debian Debian Linux | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://taviso.decsystem.org/virtsec.pdf
- http://www.debian.org/security/2007/dsa-1284
- http://www.redhat.com/support/errata/RHSA-2007-0323.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
- http://www.attrition.org/pipermail/vim/2007-October/001842.html
- http://www.securityfocus.com/bid/23731
- http://securitytracker.com/id?1018761
- http://secunia.com/advisories/27072
- http://secunia.com/advisories/27103
- http://secunia.com/advisories/27486
- http://secunia.com/advisories/25073
- http://secunia.com/advisories/25095
- http://secunia.com/advisories/27047
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
- http://secunia.com/advisories/29129
- http://www.vupen.com/english/advisories/2007/1597
- http://osvdb.org/35495
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302
Frequently Asked Questions
What is the severity of CVE-2007-1321?
CVE-2007-1321 is considered a high severity vulnerability due to its potential for causing a heap-based buffer overflow.
How do I fix CVE-2007-1321?
To fix CVE-2007-1321, update QEMU to a version later than 0.8.2 that addresses this integer signedness error.
Which software is affected by CVE-2007-1321?
CVE-2007-1321 affects QEMU version 0.8.2 and various versions of Fedora and Debian operating systems.
What type of vulnerability is CVE-2007-1321?
CVE-2007-1321 is classified as an integer signedness error that leads to a buffer overflow.
Can CVE-2007-1321 be exploited remotely?
CVE-2007-1321 requires local access for exploitation through certain register values.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/fedoraproject
- canonical/fedora
- version/fedora/7
- version/fedora/6
- vendor/debian
- canonical/debian
- version/debian/3.1
- version/debian/4.0
- vendor/qemu
- canonical/qemu kvm
- version/qemu kvm/0.8.2
- vendor/xen
- canonical/xen xen-unstable
- canonical/fedoraproject fedora
- version/fedoraproject fedora/7
- canonical/fedoraproject fedora core
- version/fedoraproject fedora core/6
- canonical/debian debian linux
- version/debian debian linux/3.1
- version/debian debian linux/4.0