FreeBSD : NVIDIA UNIX driver -- ARGB cursor buffer overflow in 'NoScanout' mode (1431f2d6-a06e-11e2-b9e0-001636d274f3)
High Nessus Plugin ID 65935
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionNVIDIA Unix security team reports :
When the NVIDIA driver for the X Window System is operated in 'NoScanout' mode, and an X client installs an ARGB cursor that is larger than the expected size (64x64 or 256x256, depending on the driver version), the driver will overflow a buffer. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution. Because the X server runs as setuid root in many configurations, an attacker could potentially use this vulnerability in those configurations to gain root privileges.
SolutionUpdate the affected packages.