Vulnerability CVE-2007-2893


Published: 2007-05-29   Modified: 2012-02-12

Description:
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Bochs -> Bochs 

 References:
http://xforce.iss.net/xforce/xfdb/34508
http://www.vupen.com/english/advisories/2007/1936
http://www.securityfocus.com/bid/24246
http://www.debian.org/security/2007/dsa-1351
http://taviso.decsystem.org/virtsec.pdf
http://security.gentoo.org/glsa/glsa-200711-21.xml
http://secunia.com/advisories/27715
http://secunia.com/advisories/26364
http://secunia.com/advisories/25470
http://bugs.gentoo.org/show_bug.cgi?id=188148

Copyright 2024, cxsecurity.com

 

Back to Top