FreeBSD : NVIDIA UNIX driver -- arbitrary root code execution vulnerability (a6d9da4a-5d5e-11db-8faf-000c6ec775d9)

This script is Copyright (C) 2006-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Rapid7 reports :

The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer
overflow that allows an attacker to run arbitrary code as root. This
bug can be exploited both locally or remotely (via a remote X client
or an X client which visits a malicious web page). A working
proof-of-concept root exploit is included with this advisory.

The NVIDIA drivers for Solaris and FreeBSD are also likely to be
vulnerable.

Disabling Render acceleration in the 'nvidia' driver, via the
'RenderAccel' X configuration option, can be used as a workaround for
this issue.

See also :

http://www.nessus.org/u?cd253bbf
http://www.rapid7.com/advisories/R7-0025.jsp
http://www.nessus.org/u?8cd61f21

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22911 (freebsd_pkg_a6d9da4a5d5e11db8faf000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2006-5379

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now