CVE-2007-5730: Buffer Overflow
First published: Tue Oct 30 2007(Updated: )
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Linux | =3.1 | |
| Debian Linux | =4.0 | |
| QEMU | =0.8.2 | |
| Xen XAPI |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://taviso.decsystem.org/virtsec.pdf
- http://www.debian.org/security/2007/dsa-1284
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
- http://www.attrition.org/pipermail/vim/2007-October/001842.html
- http://www.securityfocus.com/bid/23731
- http://secunia.com/advisories/27486
- http://secunia.com/advisories/25073
- http://secunia.com/advisories/25095
- http://www.redhat.com/support/errata/RHSA-2008-0194.html
- http://secunia.com/advisories/29963
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
- http://osvdb.org/42985
- http://secunia.com/advisories/29129
- http://www.vupen.com/english/advisories/2007/1597
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38239
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000
Frequently Asked Questions
What is the severity of CVE-2007-5730?
CVE-2007-5730 has a critical severity rating due to its potential to allow local users to execute arbitrary code.
How do I fix CVE-2007-5730?
To fix CVE-2007-5730, you should update QEMU to a version later than 0.8.2 or apply appropriate security patches provided by your distribution.
Which versions of QEMU are affected by CVE-2007-5730?
CVE-2007-5730 affects QEMU version 0.8.2 specifically.
Is CVE-2007-5730 exploitable in a Xen environment?
Yes, CVE-2007-5730 can be exploited in environments using Xen and running vulnerable versions of QEMU.
What type of vulnerability is CVE-2007-5730 classified as?
CVE-2007-5730 is classified as a heap-based buffer overflow vulnerability.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/debian
- canonical/debian linux
- version/debian linux/3.1
- version/debian linux/4.0
- vendor/qemu
- canonical/qemu
- version/qemu/0.8.2
- vendor/xen
- canonical/xen xapi