FreeBSD : NVIDIA UNIX driver -- remote denial of service or arbitrary code execution (fdf72a0e-8371-11e4-bc20-001636d274f3)

High Nessus Plugin ID 79958


The remote FreeBSD host is missing one or more security-related updates.


NVIDIA Unix security team reports :

The GLX indirect rendering support supplied on NVIDIA products is subject to the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098) as well as internally identified vulnerabilities (CVE-2014-8298).

Depending on how it is configured, the X server typically runs with raised privileges, and listens for GLX indirect rendering protocol requests from a local socket and potentially a TCP/IP port. The vulnerabilities could be exploited in a way that causes the X server to access uninitialized memory or overwrite arbitrary memory in the X server process. This can cause a denial of service (e.g., an X server segmentation fault), or could be exploited to achieve arbitrary code execution.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 79958

File Name: freebsd_pkg_fdf72a0e837111e4bc20001636d274f3.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2014/12/15

Modified: 2014/12/15

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:nvidia-driver, p-cpe:/a:freebsd:freebsd:nvidia-driver-173, p-cpe:/a:freebsd:freebsd:nvidia-driver-304, p-cpe:/a:freebsd:freebsd:nvidia-driver-71, p-cpe:/a:freebsd:freebsd:nvidia-driver-96, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2014/12/14

Vulnerability Publication Date: 2014/12/03

Reference Information

CVE: CVE-2014-8093, CVE-2014-8098, CVE-2014-8298