FreeBSD : NVIDIA UNIX driver -- arbitrary root code execution vulnerability (a6d9da4a-5d5e-11db-8faf-000c6ec775d9)

high Nessus Plugin ID 22911

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Rapid7 reports :

The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is included with this advisory.

The NVIDIA drivers for Solaris and FreeBSD are also likely to be vulnerable.

Disabling Render acceleration in the 'nvidia' driver, via the 'RenderAccel' X configuration option, can be used as a workaround for this issue.

Solution

Update the affected package.

See Also

https://nvidia.custhelp.com/app/answers/detail/a_id/1971

https://help.rapid7.com/?community#/?tags=disclosure

http://www.nessus.org/u?d86c6c45

Plugin Details

Severity: High

ID: 22911

File Name: freebsd_pkg_a6d9da4a5d5e11db8faf000c6ec775d9.nasl

Version: 1.16

Type: local

Published: 10/25/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nvidia-driver, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/16/2006

Vulnerability Publication Date: 10/16/2006

Reference Information

CVE: CVE-2006-5379

CERT: 147252

Secunia: 22419