FreeBSD : NVIDIA UNIX driver -- ARGB cursor buffer overflow in 'NoScanout' mode (1431f2d6-a06e-11e2-b9e0-001636d274f3)

High Nessus Plugin ID 65935


The remote FreeBSD host is missing one or more security-related updates.


NVIDIA Unix security team reports:

When the NVIDIA driver for the X Window System is operated in 'NoScanout' mode, and an X client installs an ARGB cursor that is larger than the expected size (64x64 or 256x256, depending on the driver version), the driver will overflow a buffer. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution. Because the X server runs as setuid root in many configurations, an attacker could potentially use this vulnerability in those configurations to gain root privileges.


Update the affected packages.

Plugin Details

Severity: High

ID: 65935

File Name: freebsd_pkg_1431f2d6a06e11e2b9e0001636d274f3.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2013/04/12

Modified: 2013/06/23

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nvidia-driver, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2013/04/08

Vulnerability Publication Date: 2013/03/27

Reference Information

CVE: CVE-2013-0131