GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Aug 19, 2007 11:26 pm Post subject: [ GLSA 200708-14 ] NVIDIA drivers: Denial of Service |
 |
|
Gentoo Linux Security Advisory
Title: NVIDIA drivers: Denial of Service (GLSA 200708-14)
Severity: normal
Exploitable: local
Date: August 19, 2007
Updated: October 11, 2007
Bug(s): #183567
ID: 200708-14
Synopsis
A vulnerability has been discovered in the NVIDIA graphic drivers, allowing for a Denial of Service.
Background
The NVIDIA drivers provide support for NVIDIA graphic boards.
Affected Packages
Package: x11-drivers/nvidia-drivers
Vulnerable: = 100.14.06
Unaffected: >= 71.86.01
Unaffected: >= 1.0.7185 < 1.0.7186
Unaffected: >= 1.0.9639 < 1.0.9640
Architectures: All supported architectures
Description
Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions.
Impact
A local attacker could send arbitrary values into the devices, possibly resulting in hardware damage on the graphic board or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All NVIDIA drivers users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers" |
References
CVE-2007-3532
Last edited by GLSA on Fri Oct 12, 2007 4:19 am; edited 1 time in total |
|
News & Announcements
