NVD脆弱性詳細

CVE-2007-1320

概要	Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
概要	Múltiples desbordamientos de búfer en la región heap de la memoria en la función cirrus_invalidate_region en la extensión Cirrus VGA en QEMU versión 0.8.2, como es usado en Xen y posiblemente otros productos, podrían permitir a usuarios locales ejecutar código arbitrario por medio de vectores no especificados relacionados a "attempting to mark non-existent regions as dirty," también se conoce como el desbordamiento de la pila "bitblt".
公表日	2007年5月3日2:19
登録日	2021年1月29日14:08
最終更新日	2026年4月23日9:35

CVSS2.0 : HIGH
スコア	7.2
ベクター	AV:L/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:qemu:qemu:0.8.2:::::::*
cpe:2.3:o:fedoraproject:fedora:8:::::::*
cpe:2.3:o:fedoraproject:fedora:9:::::::*
cpe:2.3:o:fedoraproject:fedora_core:6:::::::*
cpe:2.3:o:opensuse:opensuse:11.0:::::::*
cpe:2.3:o:opensuse:opensuse:11.1:::::::*
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*

構成2		以上	以下	より上	未満

関連情報、対策とツール

No	URL	refsource
1	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html	cve@mitre.org
2	http://osvdb.org/35494	cve@mitre.org
3	http://secunia.com/advisories/25073	cve@mitre.org
4	http://secunia.com/advisories/25095	cve@mitre.org
5	http://secunia.com/advisories/27047	cve@mitre.org
6	http://secunia.com/advisories/27085	cve@mitre.org
7	http://secunia.com/advisories/27103	cve@mitre.org
8	http://secunia.com/advisories/27486	cve@mitre.org
9	http://secunia.com/advisories/29129	cve@mitre.org
10	http://secunia.com/advisories/30413	cve@mitre.org
11	http://secunia.com/advisories/33568	cve@mitre.org
12	http://taviso.decsystem.org/virtsec.pdf	cve@mitre.org
13	http://www.debian.org/security/2007/dsa-1284	cve@mitre.org
14	http://www.debian.org/security/2007/dsa-1384	cve@mitre.org
15	http://www.mandriva.com/security/advisories?name=MDKSA-2007:203	cve@mitre.org
16	http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	cve@mitre.org
17	http://www.redhat.com/support/errata/RHSA-2007-0323.html	cve@mitre.org
18	http://www.securityfocus.com/bid/23731	cve@mitre.org
19	http://www.vupen.com/english/advisories/2007/1597	cve@mitre.org
20	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315	cve@mitre.org
21	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html	cve@mitre.org
22	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html	cve@mitre.org
23	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html	cve@mitre.org
24	http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
25	http://osvdb.org/35494	af854a3a-2127-422b-91ae-364da2661108
26	http://secunia.com/advisories/25073	af854a3a-2127-422b-91ae-364da2661108
27	http://secunia.com/advisories/25095	af854a3a-2127-422b-91ae-364da2661108
28	http://secunia.com/advisories/27047	af854a3a-2127-422b-91ae-364da2661108
29	http://secunia.com/advisories/27085	af854a3a-2127-422b-91ae-364da2661108
30	http://secunia.com/advisories/27103	af854a3a-2127-422b-91ae-364da2661108
31	http://secunia.com/advisories/27486	af854a3a-2127-422b-91ae-364da2661108
32	http://secunia.com/advisories/29129	af854a3a-2127-422b-91ae-364da2661108
33	http://secunia.com/advisories/30413	af854a3a-2127-422b-91ae-364da2661108
34	http://secunia.com/advisories/33568	af854a3a-2127-422b-91ae-364da2661108
35	http://taviso.decsystem.org/virtsec.pdf	af854a3a-2127-422b-91ae-364da2661108
36	http://www.debian.org/security/2007/dsa-1284	af854a3a-2127-422b-91ae-364da2661108
37	http://www.debian.org/security/2007/dsa-1384	af854a3a-2127-422b-91ae-364da2661108
38	http://www.mandriva.com/security/advisories?name=MDKSA-2007:203	af854a3a-2127-422b-91ae-364da2661108
39	http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	af854a3a-2127-422b-91ae-364da2661108
40	http://www.redhat.com/support/errata/RHSA-2007-0323.html	af854a3a-2127-422b-91ae-364da2661108
41	http://www.securityfocus.com/bid/23731	af854a3a-2127-422b-91ae-364da2661108
42	http://www.vupen.com/english/advisories/2007/1597	af854a3a-2127-422b-91ae-364da2661108
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315	af854a3a-2127-422b-91ae-364da2661108
44	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html	af854a3a-2127-422b-91ae-364da2661108
45	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html	af854a3a-2127-422b-91ae-364da2661108
46	https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

構成1	以上	以下	より上	未満
cpe:2.3:a:qemu:qemu:0.8.2:::::::*
cpe:2.3:o:fedoraproject:fedora:8:::::::*
cpe:2.3:o:fedoraproject:fedora:9:::::::*
cpe:2.3:o:fedoraproject:fedora_core:6:::::::*
cpe:2.3:o:opensuse:opensuse:11.0:::::::*
cpe:2.3:o:opensuse:opensuse:11.1:::::::*
cpe:2.3:o:debian:debian_linux:3.1:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*