Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 May 2021, 18:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:kvm_qumranet:kvm:21:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:5:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:37:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:57:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:48:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:15:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:3:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:41:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:26:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:12:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:23:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:20:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:36:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:71:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:56:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:13:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:76:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:69:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:63:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:45:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:50:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:72:*:*:*:*:*:*:* cpe:2.3:o:ubuntu:ubuntu_linux:*:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:24:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:65:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:64:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:22:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:61:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:60:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:46:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:70:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:32:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:14:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:59:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:2:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:28:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:79:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:42:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:40:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:58:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:10:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:66:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:17:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:52:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:77:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:49:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:51:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:62:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:11:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:30:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:55:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:44:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:39:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:35:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:34:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:67:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:43:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:38:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:7:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:74:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:27:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:16:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:18:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:80:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:6:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:75:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:78:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:33:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:47:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:73:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:19:*:*:*:*:*:*:* cpe:2.3:o:debian:linux:*:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:68:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:53:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:25:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:4:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:31:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:1:*:*:*:*:*:*:* cpe:2.3:a:kvm_qumranet:kvm:29:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
References | (CONFIRM) http://git.kernel.dk/?p=qemu.git;a=commitdiff;h=65d35a09979e63541afc5bfc595b9f1b1b4ae069 - Exploit, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=466890 - Issue Tracking, Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1799 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34642 - Third Party Advisory | |
References | (MLIST) http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=448525 - Issue Tracking, Third Party Advisory | |
References | (MLIST) http://www.mail-archive.com/cvs-all@freebsd.org/msg129730.html - Third Party Advisory | |
References | (CONFIRM) http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/usn-776-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/25073 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35062 - Third Party Advisory | |
References | (CONFIRM) https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/33350 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/35031 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29129 - Third Party Advisory | |
References | (MLIST) http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg09322.html - Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/47736 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=237342 - Issue Tracking, Third Party Advisory |
Information
Published : 2008-12-29 15:24
Updated : 2023-12-10 10:51
NVD link : CVE-2008-4539
Mitre link : CVE-2008-4539
CVE.ORG link : CVE-2008-4539
JSON object : View
Products Affected
debian
- debian_linux
kvm_qumranet
- kvm
qemu
- qemu
canonical
- ubuntu_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer