Vulnerability Details : CVE-2007-5729
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-5729
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
Threat overview for CVE-2007-5729
- Top open port discovered on systems with this issue: 5555
- IPs affected by CVE-2007-5729: 121
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-5729
- 0.13%: probability of exploitation activity in the next 30 days
- ~ 29%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5729
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2007-5729
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-5729
- Red Hat 2007-11-02: Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.
References for CVE-2007-5729
- http://osvdb.org/42986
  (Broken Link)
- http://secunia.com/advisories/29129
  (Third Party Advisory)
- http://www.securityfocus.com/bid/23731
  (Third Party Advisory; VDB Entry)
- http://taviso.decsystem.org/virtsec.pdf
  (Technical Description; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
  Mandriva (Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/1597
  (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38238
  QEMU NE2000 emulator code execution CVE-2007-5729 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:002 - openSUSE Security Announce - openSUSE Mailing Lists (Mailing List; Third Party Advisory)
- http://www.debian.org/security/2007/dsa-1284
  [SECURITY] [DSA 1284-1] New qemu packages fix several vulnerabilities (Third Party Advisory)
- http://secunia.com/advisories/25073
  (Third Party Advisory)
- http://secunia.com/advisories/25095
  (Third Party Advisory)
- http://www.attrition.org/pipermail/vim/2007-October/001842.html
  [VIM] Clarification on old QEMU/NE2000/Xen issues (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
  Mandriva (Third Party Advisory)
- http://secunia.com/advisories/27486
  (Third Party Advisory)
- http://secunia.com/advisories/33568
  (Third Party Advisory)