| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Aug 2007 08:57:07 +0800
From: "Eduardo Tongson" <propolice@...il.com>
To: gentoo-announce@...too.org, bugtraq@...urityfocus.com,
full-disclosure@...ts.grok.org.uk, security-alerts@...uxsecurity.com
Subject: Re: [ GLSA 200708-14 ] NVIDIA drivers: Denial of
Service
On 8/20/07, Raphael Marichez <falco@...too.org> wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200708-14
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: NVIDIA drivers: Denial of Service
> Date: August 19, 2007
> Bugs: #183567
> ID: 200708-14
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> A vulnerability has been discovered in the NVIDIA graphic drivers,
> allowing for a Denial of Service.
>
> Background
> ==========
>
> The NVIDIA drivers provide support for NVIDIA graphic boards.
>
> Affected packages
> =================
>
> -------------------------------------------------------------------
> Package / Vulnerable / Unaffected
> -------------------------------------------------------------------
> 1 x11-drivers/nvidia-drivers < 100.14.09 >= 100.14.09
> *>= 1.0.9639
> *>= 1.0.7185
>
> Description
> ===========
>
> Gregory Shikhman discovered that the default Gentoo setup of NVIDIA
> drivers creates the /dev/nvidia* with insecure file permissions.
>
> Impact
> ======
>
> A local attacker could send arbitrary values into the devices, possibly
> resulting in hardware damage on the graphic board or a Denial of
> Service.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All NVIDIA drivers users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"
>
> References
> ==========
>
> [ 1 ] CVE-2007-3532
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3532
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
> http://security.gentoo.org/glsa/glsa-200708-14.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@...too.org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2007 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
--
pǝ
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists