FreeBSD : NVIDIA UNIX driver -- ARGB cursor buffer overflow in 'NoScanout' mode (1431f2d6-a06e-11e2-b9e0-001636d274f3)

high Nessus Plugin ID 65935

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

NVIDIA Unix security team reports:

When the NVIDIA driver for the X Window System is operated in 'NoScanout' mode, and an X client installs an ARGB cursor that is larger than the expected size (64x64 or 256x256, depending on the driver version), the driver will overflow a buffer. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution. Because the X server runs as setuid root in many configurations, an attacker could potentially use this vulnerability in those configurations to gain root privileges.

Solution

Update the affected packages.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/3290

http://www.nessus.org/u?2b639cf3

Plugin Details

Severity: High

ID: 65935

File Name: freebsd_pkg_1431f2d6a06e11e2b9e0001636d274f3.nasl

Version: 1.7

Type: local

Published: 4/12/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nvidia-driver, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/8/2013

Vulnerability Publication Date: 3/27/2013

Reference Information

CVE: CVE-2013-0131