2
Candidate: CVE-2007-2893
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2893
6
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in
7
iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users
8
of the guest operating system to write to arbitrary memory locations and
9
gain privileges on the host operating system via vectors that cause TXCNT
10
register values to exceed the device memory size, aka "RX Frame heap
14
jdstrand> this was also referred to as CVE-2007-1323
16
https://bugs.launchpad.net/ubuntu/+source/bochs/+bug/163824
20
dapper_bochs: ignored (reached end-of-life)
21
edgy_bochs: needed (reached end-of-life)
22
feisty_bochs: needed (reached end-of-life)
23
gutsy_bochs: released (2.3-2etch1)
24
hardy_bochs: not-affected
25
intrepid_bochs: not-affected
26
jaunty_bochs: not-affected
27
karmic_bochs: not-affected
28
devel_bochs: not-affected
32
vendor: http://www.debian.org/security/2007/dsa-1284
33
upstream_qemu: released
34
dapper_qemu: ignored (reached end-of-life)
35
edgy_qemu: needed (reached end-of-life)
36
feisty_qemu: needed (reached end-of-life)
37
gutsy_qemu: released (0.9.0-2ubuntu2)
38
hardy_qemu: not-affected (0.9.0-2ubuntu2)
39
intrepid_qemu: not-affected (0.9.0-2ubuntu2)
40
jaunty_qemu: not-affected (0.9.0-2ubuntu2)
48
feisty_kvm: needed (reached end-of-life)
49
gutsy_kvm: needed (reached end-of-life)
50
hardy_kvm: released (1:62+dfsg-0ubuntu3)
51
intrepid_kvm: released (1:62+dfsg-0ubuntu3)
52
jaunty_kvm: released (1:62+dfsg-0ubuntu3)
57
upstream_qemu-kvm: needs-triage
60
intrepid_qemu-kvm: DNE
62
karmic_qemu-kvm: not-affected (0.9.0-2ubuntu2)
63
devel_qemu-kvm: not-affected (0.9.0-2ubuntu2)