Note: This is an archival copy of Security Sun Alert 200425 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000308.1.
Sun Ultra 20 Workstation
Sun Ultra 20 M2 Workstation
Sun Ultra 40 Workstation
Date of Resolved Release
A security vulnerability in the Nvidia Graphics driver for Solaris 10 and Linux (both pre-install and CD versions) may allow a local or remote unprivileged user to run arbitrary code as root, due to a buffer overflow.
Additional information describing this issue can be found in the following document:
Security Advisory R7-0025 at http://download2.rapid7.com/r7-0025/
Note: Not all versions of the Nvidia driver prior to those mentioned in the "Resolution" section of this Sun Alert are vulnerable to this issue. Please see the "Contributing Factors" section below for the affected versions.
This issue can occur in the following releases:
on the following systems:
To determine the Nvidia driver version on a Solaris or Linux system, the following command can be run:
# grep -i Nvidia /var/log/Xorg.0.log
(--) PCI:*(130:0:0) nVidia Corporation unknown chipset (0x014e) rev 162, Mem @ 0xd4000000/26, 0xd8000000/27, 0xd1000000/24
(II) Module glx: vendor="NVIDIA Corporation"
(II) LoadModule: "nvidia"
(II) Loading /usr/X11R6/lib64/modules/drivers/nvidia_drv.so
(II) Module nvidia: vendor="NVIDIA Corporation"
(II) NVIDIA dlloader X Driver 1.0-8776 Mon Oct 16 21:55:22 PDT 2006
Note: RHEL3 uses /var/log/XFree86.0.log
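The version check above can be scripted for use across several hosts. The following is an added example, not part of the original Sun Alert: it extracts the driver version from the X server log and compares it with 1.0-8776, the version named in the Resolution section. The function names and FIXED_BUILD are hypothetical, the "1.0-NNNN" version format is assumed from the sample output above, and the embedded sample log is constructed.

```shell
#!/bin/sh
# Added example: read the Nvidia X driver version from an X server log and
# compare it with 1.0-8776 (the driver version named in the Resolution section).
# Assumption: versions use the "1.0-NNNN" format shown in the sample output.

FIXED_BUILD=8776   # build number of the 1.0-8776 driver

# Print the version from the "NVIDIA ... X Driver" log line, or nothing.
nvidia_driver_version() {
    sed -n 's/.*NVIDIA.* X Driver *\([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' "$1" \
        2>/dev/null | head -n 1
}

# Return 0 if at or above the fixed build, 1 if older, 2 if undetermined.
nvidia_check() {
    ver=$(nvidia_driver_version "$1")
    case "$ver" in
        1.0-*) build=${ver#1.0-} ;;
        *) echo "$1: no Nvidia driver version in 1.0-NNNN format found"
           return 2 ;;
    esac
    if [ "$build" -ge "$FIXED_BUILD" ]; then
        echo "$1: driver $ver is at or above 1.0-$FIXED_BUILD"
        return 0
    fi
    # Older is not automatically affected: the alert lists affected versions.
    echo "$1: driver $ver predates 1.0-$FIXED_BUILD; see Contributing Factors"
    return 1
}

# Locate the log: Xorg.0.log, or XFree86.0.log on RHEL3.
nvidia_log_path() {
    for f in /var/log/Xorg.0.log /var/log/XFree86.0.log; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Constructed sample log (not from a real system), used when no real log exists.
sample=$(mktemp)
cat > "$sample" <<'EOF'
(II) LoadModule: "nvidia"
(II) Module nvidia: vendor="NVIDIA Corporation"
(II) NVIDIA dlloader X Driver 1.0-8000 Mon Jan  1 00:00:00 PDT 2006
EOF
log=$(nvidia_log_path) || log=$sample
nvidia_check "$log" || true
rm -f "$sample"
```

A return status of 1 means only that the driver is older than 1.0-8776; whether that version is affected is determined by the Contributing Factors list.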
There are no predictable symptoms that would indicate the described vulnerability has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following releases:
The 1.2 "Tools and Drivers" CD for the Ultra 20 M2, the 1.5a Supplemental CD for the Ultra 20, and the 1.4a "Tools and Drivers" CD for the Ultra 40 contain the 1.0-8776 drivers, and can be downloaded from the following sites:
Ultra 20, Ultra 20M2: