CVE-2007-1320

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

http://osvdb.org/35494

http://secunia.com/advisories/25073

http://secunia.com/advisories/25095

http://secunia.com/advisories/27047

http://secunia.com/advisories/27085

http://secunia.com/advisories/27103

http://secunia.com/advisories/27486

http://secunia.com/advisories/29129

http://secunia.com/advisories/30413

http://secunia.com/advisories/33568

http://taviso.decsystem.org/virtsec.pdf

http://www.debian.org/security/2007/dsa-1284

http://www.debian.org/security/2007/dsa-1384

http://www.mandriva.com/security/advisories?name=MDKSA-2007:203

http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

http://www.redhat.com/support/errata/RHSA-2007-0323.html

http://www.securityfocus.com/bid/23731

http://www.vupen.com/english/advisories/2007/1597

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html

Details

Source: MITRE

Published: 2007-05-02

Updated: 2020-12-15

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
88770F5 Networks BIG-IP : Multiple QEMU vulnerabilities (K63519101)NessusF5 Networks Local Security Checks
critical
67486Oracle Linux 5 : xen (ELSA-2007-0323)NessusOracle Linux Local Security Checks
high
62274Fedora 10 : kvm-74-6.fc10 (2008-10083)NessusFedora Local Security Checks
high
60261Scientific Linux Security Update : xen on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
43639CentOS 5 : xen (CESA-2007:0323)NessusCentOS Local Security Checks
high
40254openSUSE Security Update : kvm (kvm-412)NessusSuSE Local Security Checks
high
40019openSUSE Security Update : kvm (kvm-412)NessusSuSE Local Security Checks
high
37509Mandriva Linux Security Advisory : qemu (MDVSA-2008:162)NessusMandriva Local Security Checks
high
37490Fedora 10 2008-10000NessusFedora Local Security Checks
critical
35266Fedora 9 : kvm-65-15.fc9 (2008-11705)NessusFedora Local Security Checks
high
34749Fedora 8 : kvm-60-7.fc8 (2008-9556)NessusFedora Local Security Checks
high
32467Fedora 8 : kvm-60-6.fc8 (2008-4604)NessusFedora Local Security Checks
high
32461Fedora 9 : kvm-65-7.fc9 (2008-4386)NessusFedora Local Security Checks
high
27614Mandrake Linux Security Advisory : xen (MDKSA-2007:203)NessusMandriva Local Security Checks
high
26933Fedora Core 6 : xen-3.0.3-12.fc6 (2007-713)NessusFedora Local Security Checks
high
26931Debian DSA-1384-1 : xen-utils - several vulnerabilitiesNessusDebian Local Security Checks
high
26903RHEL 5 : xen (RHSA-2007:0323)NessusRed Hat Local Security Checks
high
25151Debian DSA-1284-1 : qemu - several vulnerabilitiesNessusDebian Local Security Checks
high
25129FreeBSD : qemu -- several vulnerabilities (0ac89b39-f829-11db-b55c-000e0c6d38a9)NessusFreeBSD Local Security Checks
high