subject:"\[Full\-disclosure\] \[ GLSA 200708\-14 \] NVIDIA drivers\: Denial of Service"

Re: [Full-disclosure] [ GLSA 200708-14 ] NVIDIA drivers: Denial of Service

2007-08-19 Thread Eduardo Tongson

On 8/20/07, Raphael Marichez <[EMAIL PROTECTED]> wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory   GLSA 200708-14
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>   Severity: Normal
>  Title: NVIDIA drivers: Denial of Service
>   Date: August 19, 2007
>   Bugs: #183567
> ID: 200708-14
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> 
>
> A vulnerability has been discovered in the NVIDIA graphic drivers,
> allowing for a Denial of Service.
>
> Background
> ==
>
> The NVIDIA drivers provide support for NVIDIA graphic boards.
>
> Affected packages
> =
>
> ---
>  Package /   Vulnerable   / Unaffected
> ---
>   1  x11-drivers/nvidia-drivers  < 100.14.09  >= 100.14.09
>   *>= 1.0.9639
>   *>= 1.0.7185
>
> Description
> ===
>
> Gregory Shikhman discovered that the default Gentoo setup of NVIDIA
> drivers creates the /dev/nvidia* with insecure file permissions.
>
> Impact
> ==
>
> A local attacker could send arbitrary values into the devices, possibly
> resulting in hardware damage on the graphic board or a Denial of
> Service.
>
> Workaround
> ==
>
> There is no known workaround at this time.
>
> Resolution
> ==
>
> All NVIDIA drivers users should upgrade to the latest version:
>
> # emerge --sync
> # emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"
>
> References
> ==
>
>   [ 1 ] CVE-2007-3532
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3532
>
> Availability
> 
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
>   http://security.gentoo.org/glsa/glsa-200708-14.xml
>
> Concerns?
> =
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> [EMAIL PROTECTED] or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> ===
>
> Copyright 2007 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.5
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>


-- 
pǝ
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] [ GLSA 200708-14 ] NVIDIA drivers: Denial of Service

2007-08-19 Thread Raphael Marichez

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory   GLSA 200708-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
 Title: NVIDIA drivers: Denial of Service
  Date: August 19, 2007
  Bugs: #183567
ID: 200708-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis


A vulnerability has been discovered in the NVIDIA graphic drivers,
allowing for a Denial of Service.

Background
==

The NVIDIA drivers provide support for NVIDIA graphic boards.

Affected packages
=

---
 Package /   Vulnerable   / Unaffected
---
  1  x11-drivers/nvidia-drivers  < 100.14.09  >= 100.14.09
  *>= 1.0.9639
  *>= 1.0.7185

Description
===

Gregory Shikhman discovered that the default Gentoo setup of NVIDIA
drivers creates the /dev/nvidia* with insecure file permissions.

Impact
==

A local attacker could send arbitrary values into the devices, possibly
resulting in hardware damage on the graphic board or a Denial of
Service.

Workaround
==

There is no known workaround at this time.

Resolution
==

All NVIDIA drivers users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose "x11-drivers/nvidia-drivers"

References
==

  [ 1 ] CVE-2007-3532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3532

Availability


This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200708-14.xml

Concerns?
=

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[EMAIL PROTECTED] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
===

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


pgpJ6FvzEHOAo.pgp
Description: PGP signature
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] [ GLSA 200708-14 ] NVIDIA drivers: Denial of Service

[Full-disclosure] [ GLSA 200708-14 ] NVIDIA drivers: Denial of Service

2 matches

Site Navigation

Mail list logo

Footer information