CVE-2007-5730
Published: 30 October 2007
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
Notes
Author | Note |
---|---|
jdstrand | kvm includes qemu (0.9.1 on hardy) Debian used CVE-2007-1321 for this |
Priority
Status
Package | Release | Status |
---|---|---|
kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1:62+dfsg-0ubuntu3)
|
|
intrepid |
Released
(1:62+dfsg-0ubuntu3)
|
|
jaunty |
Released
(1:62+dfsg-0ubuntu3)
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
qemu Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(0.9.0-2)
|
|
hardy |
Released
(0.9.0-2)
|
|
intrepid |
Released
(0.9.0-2)
|
|
jaunty |
Released
(0.9.0-2)
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.debian.org/security/2007/dsa-1284 |
||
qemu-kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Released
(0.9.0-2)
|
|
upstream |
Needs triage
|