Nvidia Unix GPU Driver ARGB Cursor Buffer Overflow Vulnerability

Discussion in 'News Aggregator' started by Mr. Penguin, 7 Apr 2013.

  1. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,087
    Likes Received:
    1,187
    Trophy Points:
    351
    Nvidia driver for X window system contains ARGB Cursor buffer overflow vulnerability in "NoScanout" mode. Nvidia security adivisory states that when driver for X system operated in "NoScanout " mode, X client tends to install an ARGB cursor larger then expected size ,causing buffer overflow. It can be used to cause denial of service and exploited to achieve arbitrary code execution.

    [​IMG]

    Xserver runs at root privileges so exploiting this vulnerability enables attacker to gain root privileges. Xservers only accept authenticated connections from local machine, but can be configured to accept connections without authentication and allow connection over network. The vulnerability present since driver version 195.22. Nvidia suggests to upgrade to new version or disable NoScanout mode if possible.

    User must download and install the drivers from Nvidia. The vulnerability registered under CVE-2013-0131.

    Original Thread @ thehackernews: http://news.thehackernews.com/nvidia-unix-gpu-driver-argb-cursor-buffer-overflow-vulnerability
     
Loading...
  • About Us

    We are a community mixed with professionals and beginners with an interest in wireless security, auditing and pentesting. Feel free to check out and upload resources.


    You can also find us on: Twitter and Facebook

  • Donate to Us

    Did you find our forums useful? Feel free to donate Bitcoin to us using the form below. Those who donate the equivlent of $10 USD or more will be upgraded to VIP membership. Don't have Bitcoin? Use your credit card to GO VIP here. Don't want to fork out some coin? There are other ways to GO VIP. Bitcoin: 1LMTGSoTyJWXuy2mQkHfgMzD7ez74x1Z8K