Debian Bochs vulnerabilities

CVE-2009-3736 [MEDIUM] CVE-2009-3736: bochs - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham ... ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2007-2893 [HIGH] CVE-2007-2893: bochs - Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc ... Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow." Sco

CVE-2007-2894 [LOW] CVE-2007-2894: bochs - The emulated floppy disk controller in Bochs 2.3 allows local users of the guest... The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2004-2372 [HIGH] CVE-2004-2372: bochs - Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users t... Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability. Scope: local book