FreeBSD : NVIDIA UNIX driver -- ARGB cursor buffer overflow in 'NoScanout' mode (1431f2d6-a06e-11e2-b9e0-001636d274f3)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

NVIDIA Unix security team reports :

When the NVIDIA driver for the X Window System is operated in
'NoScanout' mode, and an X client installs an ARGB cursor that is
larger than the expected size (64x64 or 256x256, depending on the
driver version), the driver will overflow a buffer. This can cause a
denial of service (e.g., an X server segmentation fault), or could be
exploited to achieve arbitrary code execution. Because the X server
runs as setuid root in many configurations, an attacker could
potentially use this vulnerability in those configurations to gain
root privileges.

See also :

http://nvidia.custhelp.com/app/answers/detail/a_id/3290
http://www.nessus.org/u?820f9afd

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 65935

Bugtraq ID:

CVE ID: CVE-2013-0131
