[bochs 2.3] Multiple vulnerabilities possibly allowing for the execution of arbitrary code or DoS
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bochs (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: bochs
References:
[1] http://
[2] http://
[3] http://
Quoting [1]:
"Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver (CVE-2007-2893). He also discovered a divide-by-zero error in the emulated floppy disk controller (CVE-2007-2894). [...] A local attacker in the guest operating system could exploit these issues to execute code outside of the virtual machine, or cause Bochs to crash."
Quoting [2]:
"Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow.""
Quoting [3]:
"The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."
| Changed in bochs: | |
| status: | New → Confirmed |
| Jamie Strandboge (jdstrand) wrote | #1 |
| Changed in bochs (Ubuntu): | |
| status: | Confirmed → Fix Released |
These were fixed back in Ubuntu 8.04.