thr3ads.net - Secure testing team - [Secure-testing-team] Bug#684781: nvidia-glx: exploitable privilege escalation [Aug 2012]

If this information is useful, please help other people find it:
Share via:

Andreas Beckmann

2012-Aug-13 19:27 UTC

[Secure-testing-team] Bug#684781: nvidia-glx: exploitable privilege escalation

Package: nvidia-glx
Version: 195.36.31-6
Severity: grave
Tags: security
Justification: user security hole

There is another privilege escalation in the Nvidia binary driver.
Nvidia Advisory: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
Initial disclosure of the vulnerability:
  http://permalink.gmane.org/gmane.comp.security.full-disclosure/86747
CVE not assigned or unknown

affected:
  squeeze
    nvidia-graphics-drivers (195.36.31-6, 195.36.31-6squeeze1)
    nvidia-graphics-modules (195.36.31+2, 195.36.31+3)
    nvidia-graphics-drivers-legacy-173xx (173.14.27-2)
  squeeze-backports
    nvidia-graphics-drivers (295.59-1~bpo60+1)
    nvidia-graphics-drivers-legacy-173xx (173.14.35-1~bpo60+1)
  wheezy/sid
    nvidia-graphics-drivers (302.17-3)
    nvidia-graphics-modules (302.17+1, 302.17+2)
    nvidia-graphics-drivers-legacy-173xx (173.14.35-2)

probably unaffected:
  nvidia-graphics-drivers-legacy-96xx (squeeze only)

fixed (according to Nvidia Advisory):
  304.32 (beta)
    experimental (304.32-1)
  295.71 (long term stable branch)

patch for older versions available, but may disable some fucntionality
(e.g. CUDA debugger)


Andreas

Secure testing team - Aug 2012 - Bug#684781: nvidia-glx: exploitable privilege escalation

[Secure-testing-team] Bug#684781: nvidia-glx: exploitable privilege escalation