[Bug 241799] CVE-2007-2894: bochs guest OS local user DoS

bugzilla at redhat.com bugzilla at redhat.com
Wed Jul 18 17:37:11 UTC 2007


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2007-2894: bochs guest OS local user DoS


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799


bugzilla at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Product|Fedora Extras               |Fedora




------- Additional Comments From j.w.r.degoede at hhs.nl  2007-07-18 13:37 EST -------
Since upstream isn't making any progress with regards to this, I've investigated
this a bit further.

This CVS stems from someone doing virtual machine / pc research and the original
report mentions not one but 2 vulnerabilities:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894

2893 is a reproducible, most likely exploitable, buffer overflow in the ne2000
driver. For which a fix is in CVS, I will issue a fixed package for this shortly

2894 is a report of a divide by zero error in the floppy, which the researcher
managed to trigger once by feeding random bytes to the emulated floppy
controller. This is not reproducable, and upstream has audited the code and can
not find any divide by zero conditions, so I'm assuming this issue is moot.





-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.




More information about the Fedora-security-list mailing list