Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5730 to the following vulnerability: Heap-based buffer overflow in QEMU 0.8.2 allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. References: http://taviso.decsystem.org/virtsec.pdf http://www.debian.org/security/2007/dsa-1284
See also https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-1321 where this was first discussed before CVE name split
Created attachment 287621 [details] Specific patch for CVE-2007-5730 issue
Created attachment 291284 [details] The posted patch.
Reporter changed to security-response-team by request of Jay Turner.
All children bugs have been closed, parent is no longer needed.