FreeBSD : NVIDIA UNIX driver -- remote denial of service or arbitrary code execution (fdf72a0e-8371-11e4-bc20-001636d274f3)
High Nessus Plugin ID 79958
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionNVIDIA Unix security team reports :
The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298).
Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.
SolutionUpdate the affected packages.