cvelistv5 - cve-2007-1321

CVE-2007-1321 (GCVE-0-2007-1321)

Vulnerability from cvelistv5 – Published: 2007-10-30 22:00 – Updated: 2024-08-07 12:50

Summary

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/23731	vdb-entryx_refsource_BID
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/27047	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2007/dsa-1284	vendor-advisoryx_refsource_DEBIAN
	http://securitytracker.com/id?1018761	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/25073	third-party-advisoryx_refsource_SECUNIA
	http://taviso.decsystem.org/virtsec.pdf	x_refsource_MISC
	http://secunia.com/advisories/27486	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://osvdb.org/35495	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2007/1597	vdb-entryx_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/27103	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/29129	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2007-03…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/25095	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/27072	third-party-advisoryx_refsource_SECUNIA
	http://www.attrition.org/pipermail/vim/2007-Octob…	mailing-listx_refsource_VIM
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "23731",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23731"
          },
          {
            "name": "MDKSA-2007:203",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
          },
          {
            "name": "FEDORA-2007-2270",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
          },
          {
            "name": "27047",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27047"
          },
          {
            "name": "DSA-1284",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1284"
          },
          {
            "name": "1018761",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018761"
          },
          {
            "name": "25073",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25073"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://taviso.decsystem.org/virtsec.pdf"
          },
          {
            "name": "27486",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27486"
          },
          {
            "name": "MDVSA-2008:162",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
          },
          {
            "name": "35495",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35495"
          },
          {
            "name": "ADV-2007-1597",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1597"
          },
          {
            "name": "FEDORA-2007-2708",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
          },
          {
            "name": "27103",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27103"
          },
          {
            "name": "29129",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29129"
          },
          {
            "name": "RHSA-2007:0323",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
          },
          {
            "name": "25095",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25095"
          },
          {
            "name": "27072",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27072"
          },
          {
            "name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
          },
          {
            "name": "FEDORA-2007-713",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9302",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "23731",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23731"
        },
        {
          "name": "MDKSA-2007:203",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
        },
        {
          "name": "FEDORA-2007-2270",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
        },
        {
          "name": "27047",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27047"
        },
        {
          "name": "DSA-1284",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1284"
        },
        {
          "name": "1018761",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018761"
        },
        {
          "name": "25073",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25073"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://taviso.decsystem.org/virtsec.pdf"
        },
        {
          "name": "27486",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27486"
        },
        {
          "name": "MDVSA-2008:162",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
        },
        {
          "name": "35495",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35495"
        },
        {
          "name": "ADV-2007-1597",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1597"
        },
        {
          "name": "FEDORA-2007-2708",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
        },
        {
          "name": "27103",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27103"
        },
        {
          "name": "29129",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29129"
        },
        {
          "name": "RHSA-2007:0323",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
        },
        {
          "name": "25095",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25095"
        },
        {
          "name": "27072",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27072"
        },
        {
          "name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
        },
        {
          "name": "FEDORA-2007-713",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
        },
        {
          "name": "oval:org.mitre.oval:def:9302",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1321",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "23731",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23731"
            },
            {
              "name": "MDKSA-2007:203",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
            },
            {
              "name": "FEDORA-2007-2270",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
            },
            {
              "name": "27047",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27047"
            },
            {
              "name": "DSA-1284",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1284"
            },
            {
              "name": "1018761",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018761"
            },
            {
              "name": "25073",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25073"
            },
            {
              "name": "http://taviso.decsystem.org/virtsec.pdf",
              "refsource": "MISC",
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "27486",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27486"
            },
            {
              "name": "MDVSA-2008:162",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
            },
            {
              "name": "35495",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35495"
            },
            {
              "name": "ADV-2007-1597",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1597"
            },
            {
              "name": "FEDORA-2007-2708",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
            },
            {
              "name": "27103",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27103"
            },
            {
              "name": "29129",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29129"
            },
            {
              "name": "RHSA-2007:0323",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
            },
            {
              "name": "25095",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25095"
            },
            {
              "name": "27072",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27072"
            },
            {
              "name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
            },
            {
              "name": "FEDORA-2007-713",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
            },
            {
              "name": "oval:org.mitre.oval:def:9302",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1321",
    "datePublished": "2007-10-30T22:00:00",
    "dateReserved": "2007-03-07T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27650033-1C9F-4175-A26F-D9082A36F079\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFA1950D-1D9F-4401-AA86-CF3028EFD286\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3EFD171-01F7-450B-B6F3-0F7E443A2337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B77298D3-CFD9-4DF0-954E-090A830256B8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \\\"receive\\\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \\\"NE2000 network driver and the socket code,\\\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.\"}, {\"lang\": \"es\", \"value\": \"Un error en la propiedad signedness de enteros en el emulador NE2000 en QEMU versi\\u00f3n 0.8.2, tal y como es usado en Xen y posiblemente otros productos, permite a usuarios locales desencadenar un desbordamiento de b\\u00fafer en la regi\\u00f3n heap de la memoria por medio de ciertos valores de registro que omiten las comprobaciones de saneamiento, tambi\\u00e9n se conoce como error en la propiedad signedness de enteros \\\"receive\\\" de QEMU NE2000. NOTA: este identificador fue usado inadvertidamente por algunas fuentes para cubrir m\\u00faltiples problemas que fueron etiquetados como \\\"NE2000 network driver and the socket code\\u201d, pero se han creado identificadores separados para las vulnerabilidades individuales ya que existen algunas veces diferentes correcciones; consulte CVE-2007-5729 y CVE-2007-5730.\"}]",
      "id": "CVE-2007-1321",
      "lastModified": "2024-11-21T00:28:01.537",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-30T22:46:00.000",
      "references": "[{\"url\": \"http://osvdb.org/35495\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/25073\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25095\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27047\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27072\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27103\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27486\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29129\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018761\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://taviso.decsystem.org/virtsec.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.attrition.org/pipermail/vim/2007-October/001842.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2007/dsa-1284\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:203\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:162\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0323.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/23731\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1597\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://osvdb.org/35495\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/25073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27047\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27072\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29129\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1018761\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://taviso.decsystem.org/virtsec.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.attrition.org/pipermail/vim/2007-October/001842.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.debian.org/security/2007/dsa-1284\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:203\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2008:162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0323.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/23731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/1597\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1321\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-30T22:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \\\"receive\\\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \\\"NE2000 network driver and the socket code,\\\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.\"},{\"lang\":\"es\",\"value\":\"Un error en la propiedad signedness de enteros en el emulador NE2000 en QEMU versi\u00f3n 0.8.2, tal y como es usado en Xen y posiblemente otros productos, permite a usuarios locales desencadenar un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria por medio de ciertos valores de registro que omiten las comprobaciones de saneamiento, tambi\u00e9n se conoce como error en la propiedad signedness de enteros \\\"receive\\\" de QEMU NE2000. NOTA: este identificador fue usado inadvertidamente por algunas fuentes para cubrir m\u00faltiples problemas que fueron etiquetados como \\\"NE2000 network driver and the socket code\u201d, pero se han creado identificadores separados para las vulnerabilidades individuales ya que existen algunas veces diferentes correcciones; consulte CVE-2007-5729 y CVE-2007-5730.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27650033-1C9F-4175-A26F-D9082A36F079\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFA1950D-1D9F-4401-AA86-CF3028EFD286\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3EFD171-01F7-450B-B6F3-0F7E443A2337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77298D3-CFD9-4DF0-954E-090A830256B8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/35495\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/25073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/25095\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27047\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27072\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27103\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27486\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29129\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018761\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://taviso.decsystem.org/virtsec.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.attrition.org/pipermail/vim/2007-October/001842.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2007/dsa-1284\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:203\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:162\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0323.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23731\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1597\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/35495\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/25073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/25095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27047\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/27486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/29129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://taviso.decsystem.org/virtsec.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.attrition.org/pipermail/vim/2007-October/001842.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2007/dsa-1284\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0323.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/23731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

RHSA-2007:0323

Vulnerability from csaf_redhat - Published: 2007-10-02 20:53 - Updated: 2025-11-21 17:31

Summary

Red Hat Security Advisory: xen security update

Notes

Topic

An updated Xen package to fix multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

The Xen package contains the tools for managing the virtual machine monitor in Red Hat Enterprise Linux virtualization. The following security flaws are fixed in the updated Xen package: Joris van Rantwijk found a flaw in the Pygrub utility which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain. (CVE-2007-4993) Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. (CVE-2007-1320) Tavis Ormandy discovered insufficient input validation leading to a heap overflow in the Xen NE2000 network driver. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Xen does not use this driver by default. (CVE-2007-1321) Users of Xen should update to these erratum packages containing backported patches which correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Xen package to fix multiple security issues is now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Xen package contains the tools for managing the virtual machine monitor\nin Red Hat Enterprise Linux virtualization.\n\nThe following security flaws are fixed in the updated Xen package:\n\nJoris van Rantwijk found a flaw in the Pygrub utility which is used as a\nboot loader for guest domains.  A malicious local administrator of a guest\ndomain could create a carefully crafted grub.conf file which would trigger\nthe execution of arbitrary code outside of that domain. (CVE-2007-4993)\n\nTavis Ormandy discovered a heap overflow flaw during video-to-video copy\noperations in the Cirrus VGA extension code used in Xen.  A malicious local\nadministrator of a guest domain could potentially trigger this flaw and\nexecute arbitrary code outside of the domain. (CVE-2007-1320)\n\nTavis Ormandy discovered insufficient input validation leading to a heap\noverflow in the Xen NE2000 network driver.   If the driver is in use, a\nmalicious local administrator of a guest domain could potentially trigger\nthis flaw and execute arbitrary code outside of the domain.  Xen does not\nuse this driver by default. (CVE-2007-1321)\n\nUsers of Xen should update to these erratum packages containing backported\npatches which correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0323",
        "url": "https://access.redhat.com/errata/RHSA-2007:0323"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "237342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
      },
      {
        "category": "external",
        "summary": "237343",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237343"
      },
      {
        "category": "external",
        "summary": "302801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=302801"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0323.json"
      }
    ],
    "title": "Red Hat Security Advisory: xen security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:31:32+00:00",
      "generator": {
        "date": "2025-11-21T17:31:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2007:0323",
      "initial_release_date": "2007-10-02T20:53:00+00:00",
      "revision_history": [
        {
          "date": "2007-10-02T20:53:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-10-02T16:53:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:31:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
                  "product_id": "5Client-VT",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_virtualization:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Virtualization (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux Virtualization (v. 5 server)",
                  "product_id": "5Server-VT",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_virtualization:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-debuginfo@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-devel@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-libs@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-debuginfo@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-devel@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-libs@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-debuginfo@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-devel-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-devel-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-devel@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-libs-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-libs-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-libs@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.src",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.src",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-1320",
      "discovery_date": "2007-03-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to \"attempting to mark non-existent regions as dirty,\" aka the \"bitblt\" heap overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xen/qemu Cirrus LGD-54XX \"bitblt\" Heap Overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-0:3.0.3-25.0.4.el5.src",
          "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-0:3.0.3-25.0.4.el5.src",
          "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1320"
        },
        {
          "category": "external",
          "summary": "RHBZ#237342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1320"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1320",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1320"
        }
      ],
      "release_date": "2007-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-02T20:53:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-0:3.0.3-25.0.4.el5.src",
            "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-0:3.0.3-25.0.4.el5.src",
            "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0323"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xen/qemu Cirrus LGD-54XX \"bitblt\" Heap Overflow"
    },
    {
      "cve": "CVE-2007-1321",
      "discovery_date": "2007-03-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237343"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xen QEMU NE2000 emulation issues",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-0:3.0.3-25.0.4.el5.src",
          "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-0:3.0.3-25.0.4.el5.src",
          "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1321"
        },
        {
          "category": "external",
          "summary": "RHBZ#237343",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237343"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1321"
        }
      ],
      "release_date": "2007-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-02T20:53:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-0:3.0.3-25.0.4.el5.src",
            "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-0:3.0.3-25.0.4.el5.src",
            "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0323"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xen QEMU NE2000 emulation issues"
    },
    {
      "cve": "CVE-2007-4993",
      "discovery_date": "2007-09-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "302801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xen guest root can escape to domain 0 through pygrub",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-0:3.0.3-25.0.4.el5.src",
          "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-0:3.0.3-25.0.4.el5.src",
          "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4993"
        },
        {
          "category": "external",
          "summary": "RHBZ#302801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=302801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4993"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4993",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4993"
        }
      ],
      "release_date": "2007-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-02T20:53:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-0:3.0.3-25.0.4.el5.src",
            "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-0:3.0.3-25.0.4.el5.src",
            "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0323"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xen guest root can escape to domain 0 through pygrub"
    }
  ]
}

RHSA-2007_0323

Vulnerability from csaf_redhat - Published: 2007-10-02 20:53 - Updated: 2024-11-22 01:01

Summary

Red Hat Security Advisory: xen security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated Xen package to fix multiple security issues is now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Xen package contains the tools for managing the virtual machine monitor\nin Red Hat Enterprise Linux virtualization.\n\nThe following security flaws are fixed in the updated Xen package:\n\nJoris van Rantwijk found a flaw in the Pygrub utility which is used as a\nboot loader for guest domains.  A malicious local administrator of a guest\ndomain could create a carefully crafted grub.conf file which would trigger\nthe execution of arbitrary code outside of that domain. (CVE-2007-4993)\n\nTavis Ormandy discovered a heap overflow flaw during video-to-video copy\noperations in the Cirrus VGA extension code used in Xen.  A malicious local\nadministrator of a guest domain could potentially trigger this flaw and\nexecute arbitrary code outside of the domain. (CVE-2007-1320)\n\nTavis Ormandy discovered insufficient input validation leading to a heap\noverflow in the Xen NE2000 network driver.   If the driver is in use, a\nmalicious local administrator of a guest domain could potentially trigger\nthis flaw and execute arbitrary code outside of the domain.  Xen does not\nuse this driver by default. (CVE-2007-1321)\n\nUsers of Xen should update to these erratum packages containing backported\npatches which correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0323",
        "url": "https://access.redhat.com/errata/RHSA-2007:0323"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "237342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
      },
      {
        "category": "external",
        "summary": "237343",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237343"
      },
      {
        "category": "external",
        "summary": "302801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=302801"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0323.json"
      }
    ],
    "title": "Red Hat Security Advisory: xen security update",
    "tracking": {
      "current_release_date": "2024-11-22T01:01:09+00:00",
      "generator": {
        "date": "2024-11-22T01:01:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0323",
      "initial_release_date": "2007-10-02T20:53:00+00:00",
      "revision_history": [
        {
          "date": "2007-10-02T20:53:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-10-02T16:53:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T01:01:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
                  "product_id": "5Client-VT",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_virtualization:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Virtualization (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux Virtualization (v. 5 server)",
                  "product_id": "5Server-VT",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_virtualization:5::server"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-debuginfo@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-devel@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
                "product": {
                  "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
                  "product_id": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-libs@3.0.3-25.0.4.el5?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-debuginfo@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-devel@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
                "product": {
                  "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
                  "product_id": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-libs@3.0.3-25.0.4.el5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-debuginfo@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-devel-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-devel-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-devel@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-0:3.0.3-25.0.4.el5.i386",
                "product": {
                  "name": "xen-libs-0:3.0.3-25.0.4.el5.i386",
                  "product_id": "xen-libs-0:3.0.3-25.0.4.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen-libs@3.0.3-25.0.4.el5?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-0:3.0.3-25.0.4.el5.src",
                "product": {
                  "name": "xen-0:3.0.3-25.0.4.el5.src",
                  "product_id": "xen-0:3.0.3-25.0.4.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xen@3.0.3-25.0.4.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop Multi OS (v. 5 client)",
          "product_id": "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux Virtualization (v. 5 server)",
          "product_id": "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server-VT"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.src"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-devel-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-0:3.0.3-25.0.4.el5.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        },
        "product_reference": "xen-libs-0:3.0.3-25.0.4.el5.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-1320",
      "discovery_date": "2007-03-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to \"attempting to mark non-existent regions as dirty,\" aka the \"bitblt\" heap overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xen/qemu Cirrus LGD-54XX \"bitblt\" Heap Overflow",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-0:3.0.3-25.0.4.el5.src",
          "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-0:3.0.3-25.0.4.el5.src",
          "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1320"
        },
        {
          "category": "external",
          "summary": "RHBZ#237342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1320",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1320"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1320",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1320"
        }
      ],
      "release_date": "2007-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-02T20:53:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-0:3.0.3-25.0.4.el5.src",
            "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-0:3.0.3-25.0.4.el5.src",
            "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0323"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xen/qemu Cirrus LGD-54XX \"bitblt\" Heap Overflow"
    },
    {
      "cve": "CVE-2007-1321",
      "discovery_date": "2007-03-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237343"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xen QEMU NE2000 emulation issues",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-0:3.0.3-25.0.4.el5.src",
          "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-0:3.0.3-25.0.4.el5.src",
          "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1321"
        },
        {
          "category": "external",
          "summary": "RHBZ#237343",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237343"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1321"
        }
      ],
      "release_date": "2007-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-02T20:53:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-0:3.0.3-25.0.4.el5.src",
            "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-0:3.0.3-25.0.4.el5.src",
            "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0323"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "xen QEMU NE2000 emulation issues"
    },
    {
      "cve": "CVE-2007-4993",
      "discovery_date": "2007-09-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "302801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xen guest root can escape to domain 0 through pygrub",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-0:3.0.3-25.0.4.el5.src",
          "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
          "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-0:3.0.3-25.0.4.el5.src",
          "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
          "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4993"
        },
        {
          "category": "external",
          "summary": "RHBZ#302801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=302801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4993"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4993",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4993"
        }
      ],
      "release_date": "2007-09-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-10-02T20:53:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  \n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
          "product_ids": [
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Client-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-0:3.0.3-25.0.4.el5.src",
            "5Client:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Client:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.src",
            "5Server-VT:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server-VT:xen-libs-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-0:3.0.3-25.0.4.el5.src",
            "5Server:xen-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-debuginfo-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-devel-0:3.0.3-25.0.4.el5.x86_64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.i386",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.ia64",
            "5Server:xen-libs-0:3.0.3-25.0.4.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0323"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xen guest root can escape to domain 0 through pygrub"
    }
  ]
}

GHSA-793P-RV2Q-QV42

Vulnerability from github – Published: 2022-05-01 17:52 – Updated: 2022-05-01 17:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1321"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-30T22:46:00Z",
    "severity": "HIGH"
  },
  "details": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.",
  "id": "GHSA-793p-rv2q-qv42",
  "modified": "2022-05-01T17:52:29Z",
  "published": "2022-05-01T17:52:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1321"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/35495"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27047"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27072"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27103"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018761"
    },
    {
      "type": "WEB",
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1321

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1321

Aliases

CVE-2007-1321

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1321",
    "description": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.",
    "id": "GSD-2007-1321",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-1321.html",
      "https://www.debian.org/security/2007/dsa-1284",
      "https://access.redhat.com/errata/RHSA-2007:0323",
      "https://linux.oracle.com/cve/CVE-2007-1321.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1321"
      ],
      "details": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.",
      "id": "GSD-2007-1321",
      "modified": "2023-12-13T01:21:40.117226Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1321",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "23731",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23731"
          },
          {
            "name": "MDKSA-2007:203",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
          },
          {
            "name": "FEDORA-2007-2270",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
          },
          {
            "name": "27047",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27047"
          },
          {
            "name": "DSA-1284",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1284"
          },
          {
            "name": "1018761",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018761"
          },
          {
            "name": "25073",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25073"
          },
          {
            "name": "http://taviso.decsystem.org/virtsec.pdf",
            "refsource": "MISC",
            "url": "http://taviso.decsystem.org/virtsec.pdf"
          },
          {
            "name": "27486",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27486"
          },
          {
            "name": "MDVSA-2008:162",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
          },
          {
            "name": "35495",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/35495"
          },
          {
            "name": "ADV-2007-1597",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/1597"
          },
          {
            "name": "FEDORA-2007-2708",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
          },
          {
            "name": "27103",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27103"
          },
          {
            "name": "29129",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29129"
          },
          {
            "name": "RHSA-2007:0323",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
          },
          {
            "name": "25095",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25095"
          },
          {
            "name": "27072",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27072"
          },
          {
            "name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
            "refsource": "VIM",
            "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
          },
          {
            "name": "FEDORA-2007-713",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
          },
          {
            "name": "oval:org.mitre.oval:def:9302",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1321"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://taviso.decsystem.org/virtsec.pdf",
              "refsource": "MISC",
              "tags": [
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "http://taviso.decsystem.org/virtsec.pdf"
            },
            {
              "name": "DSA-1284",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2007/dsa-1284"
            },
            {
              "name": "RHSA-2007:0323",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
            },
            {
              "name": "FEDORA-2007-2270",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
            },
            {
              "name": "FEDORA-2007-713",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
            },
            {
              "name": "MDKSA-2007:203",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
            },
            {
              "name": "20071030 Clarification on old QEMU/NE2000/Xen issues",
              "refsource": "VIM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
            },
            {
              "name": "23731",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/23731"
            },
            {
              "name": "1018761",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1018761"
            },
            {
              "name": "27072",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27072"
            },
            {
              "name": "27103",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27103"
            },
            {
              "name": "27486",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27486"
            },
            {
              "name": "25073",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/25073"
            },
            {
              "name": "25095",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/25095"
            },
            {
              "name": "27047",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/27047"
            },
            {
              "name": "FEDORA-2007-2708",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
            },
            {
              "name": "MDVSA-2008:162",
              "refsource": "MANDRIVA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
            },
            {
              "name": "29129",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/29129"
            },
            {
              "name": "ADV-2007-1597",
              "refsource": "VUPEN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1597"
            },
            {
              "name": "35495",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/35495"
            },
            {
              "name": "oval:org.mitre.oval:def:9302",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-12-15T23:52Z",
      "publishedDate": "2007-10-30T22:46Z"
    }
  }
}

CERTA-2007-AVI-197

Vulnerability from certfr_avis - Published: - Updated:

None

Description

De multiples vulnérabilités ont été découvertes dans le logiciel de virtualisation Qemu. L'exploitation de ces vulnérabilités peut conduire à un déni de service (arrêt de la machine virtuelle), au contournement de la politique de sécurité mise en place par Qemu (étanchéité entre le système hôte et la machine virtuelle), ou à l'exécution de code arbitraire sur la machine hôte, depuis la machine virtuelle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Qemu 0.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour Debian numéro DSA-1284 du 1 mai 2007	None	vendor-advisory
Bulletin de sécurité Debian DSA 1284 du 01 mai 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eQemu 0.x\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le logiciel de\nvirtualisation Qemu. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut conduire\n\u00e0 un d\u00e9ni de service (arr\u00eat de la machine virtuelle), au contournement\nde la politique de s\u00e9curit\u00e9 mise en place par Qemu (\u00e9tanch\u00e9it\u00e9 entre le\nsyst\u00e8me h\u00f4te et la machine virtuelle), ou \u00e0 l\u0027ex\u00e9cution de code\narbitraire sur la machine h\u00f4te, depuis la machine virtuelle.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1321"
    },
    {
      "name": "CVE-2007-1322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1322"
    },
    {
      "name": "CVE-2007-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1323"
    },
    {
      "name": "CVE-2007-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1320"
    },
    {
      "name": "CVE-2007-1366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1366"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1284 du 01 mai 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1284"
    }
  ],
  "reference": "CERTA-2007-AVI-197",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s du logiciel Qemu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour Debian num\u00e9ro DSA-1284 du 1 mai 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-197

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Qemu 0.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour Debian numéro DSA-1284 du 1 mai 2007	None	vendor-advisory
Bulletin de sécurité Debian DSA 1284 du 01 mai 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eQemu 0.x\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le logiciel de\nvirtualisation Qemu. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut conduire\n\u00e0 un d\u00e9ni de service (arr\u00eat de la machine virtuelle), au contournement\nde la politique de s\u00e9curit\u00e9 mise en place par Qemu (\u00e9tanch\u00e9it\u00e9 entre le\nsyst\u00e8me h\u00f4te et la machine virtuelle), ou \u00e0 l\u0027ex\u00e9cution de code\narbitraire sur la machine h\u00f4te, depuis la machine virtuelle.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1321"
    },
    {
      "name": "CVE-2007-1322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1322"
    },
    {
      "name": "CVE-2007-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1323"
    },
    {
      "name": "CVE-2007-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1320"
    },
    {
      "name": "CVE-2007-1366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1366"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1284 du 01 mai 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1284"
    }
  ],
  "reference": "CERTA-2007-AVI-197",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s du logiciel Qemu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour Debian num\u00e9ro DSA-1284 du 1 mai 2007",
      "url": null
    }
  ]
}

FKIE_CVE-2007-1321

Vulnerability from fkie_nvd - Published: 2007-10-30 22:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/35495	Broken Link
cve@mitre.org	http://secunia.com/advisories/25073	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/25095	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27047	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27072	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27103	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/27486	Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/29129	Third Party Advisory
cve@mitre.org	http://securitytracker.com/id?1018761	Third Party Advisory, VDB Entry
cve@mitre.org	http://taviso.decsystem.org/virtsec.pdf	Technical Description, Third Party Advisory
cve@mitre.org	http://www.attrition.org/pipermail/vim/2007-October/001842.html	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2007/dsa-1284	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:203	Third Party Advisory
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2007-0323.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/23731	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2007/1597	Third Party Advisory
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html	Third Party Advisory
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/35495	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25073	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25095	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27047	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27072	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27103	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27486	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29129	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018761	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://taviso.decsystem.org/virtsec.pdf	Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2007-October/001842.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1284	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:203	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:162	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-0323.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23731	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1597	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html	Third Party Advisory

Impacted products

Vendor	Product	Version
qemu	qemu	0.8.2
xen	xen	-
fedoraproject	fedora	7
fedoraproject	fedora_core	6
debian	debian_linux	3.1
debian	debian_linux	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27650033-1C9F-4175-A26F-D9082A36F079",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77298D3-CFD9-4DF0-954E-090A830256B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 \"receive\" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled \"NE2000 network driver and the socket code,\" but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730."
    },
    {
      "lang": "es",
      "value": "Un error en la propiedad signedness de enteros en el emulador NE2000 en QEMU versi\u00f3n 0.8.2, tal y como es usado en Xen y posiblemente otros productos, permite a usuarios locales desencadenar un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria por medio de ciertos valores de registro que omiten las comprobaciones de saneamiento, tambi\u00e9n se conoce como error en la propiedad signedness de enteros \"receive\" de QEMU NE2000. NOTA: este identificador fue usado inadvertidamente por algunas fuentes para cubrir m\u00faltiples problemas que fueron etiquetados como \"NE2000 network driver and the socket code\u201d, pero se han creado identificadores separados para las vulnerabilidades individuales ya que existen algunas veces diferentes correcciones; consulte CVE-2007-5729 y CVE-2007-5730."
    }
  ],
  "id": "CVE-2007-1321",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-30T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/35495"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27047"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27072"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27103"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018761"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/35495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/25095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/27486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/29129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1018761"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "http://taviso.decsystem.org/virtsec.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2007-October/001842.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2007/dsa-1284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/1597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1321 (GCVE-0-2007-1321)

RHSA-2007:0323

RHSA-2007_0323

GHSA-793P-RV2Q-QV42

GSD-2007-1321

CERTA-2007-AVI-197

Description

Solution

CERTA-2007-AVI-197

Description

Solution

FKIE_CVE-2007-1321

Tags

Sightings

Nomenclature