Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-1320

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

Published

2007-05-02T17:19:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	0.8.2	Yes
Operating System	xen	xen	-	No
Operating System	fedoraproject	fedora	8	Yes
Operating System	fedoraproject	fedora	9	Yes
Operating System	fedoraproject	fedora_core	6	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	opensuse	opensuse	11.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	4.0	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://osvdb.org/35494 Broken Link ([email protected])
http://secunia.com/advisories/25073 Third Party Advisory ([email protected])
http://secunia.com/advisories/25095 Third Party Advisory ([email protected])
http://secunia.com/advisories/27047 Third Party Advisory ([email protected])
http://secunia.com/advisories/27085 Third Party Advisory ([email protected])
http://secunia.com/advisories/27103 Third Party Advisory ([email protected])
http://secunia.com/advisories/27486 Third Party Advisory ([email protected])
http://secunia.com/advisories/29129 Third Party Advisory ([email protected])
http://secunia.com/advisories/30413 Third Party Advisory ([email protected])
http://secunia.com/advisories/33568 Third Party Advisory ([email protected])
http://taviso.decsystem.org/virtsec.pdf Technical Description, Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1284 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1384 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0323.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/23731 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2007/1597 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315 Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/35494 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25073 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/25095 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27047 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27085 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27103 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27486 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29129 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30413 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33568 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://taviso.decsystem.org/virtsec.pdf Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1284 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1384 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0323.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/23731 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1597 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)