Detections
Analytics

FreeBSD : NVIDIA UNIX driver -- remote denial of service or arbitrary code execution (fdf72a0e-8371-11e4-bc20-001636d274f3)

high Nessus Plugin ID 79958

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

NVIDIA Unix security team reports :

The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298).

Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0e767b03

Plugin Details

Severity: High

ID: 79958

File Name: freebsd_pkg_fdf72a0e837111e4bc20001636d274f3.nasl

Version: 1.4

Type: local

Published: 12/15/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nvidia-driver, p-cpe:/a:freebsd:freebsd:nvidia-driver-173, p-cpe:/a:freebsd:freebsd:nvidia-driver-304, p-cpe:/a:freebsd:freebsd:nvidia-driver-71, p-cpe:/a:freebsd:freebsd:nvidia-driver-96, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/14/2014

Vulnerability Publication Date: 12/3/2014

Reference Information

CVE: CVE-2014-8093, CVE-2014-8098, CVE-2014-8298