Note: This is an archival copy of Security Sun Alert 200425 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000308.1.
Article ID : 1000308.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2006-11-01
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability With Graphics Driver for Solaris 10 and Linux on Certain Systems



Category
Security

Release Phase
Resolved

Product
Sun Ultra 20 Workstation
Sun Ultra 20 M2 Workstation
Sun Ultra 40 Workstation

Bug Id
None

Date of Resolved Release
02-NOV-2006

Impact

A Security vulnerability in the Nvidia Graphics driver for Solaris 10 and Linux (both pre-install and CD versions) may allow a local or remote unprivileged user to run arbitrary code as root, due to a buffer overflow.

Additional information describing this issue can be found in the following document:

Security Advisory R7-0025 at http://download2.rapid7.com/r7-0025/

Note: Not all versions of the the Nvidia driver prior to those mentioned in the "Resolution" section of this Sun Alert are vulnerable to this issue. Please see the "Contributing Factors" section below for the affected versions.


Contributing Factors

This issue can occur in the following releases:

x86/x64 Platforms

  • Nvidia Graphics Driver (for Solaris 10) versions 1.0-8762 and 1.0-8774

Linux Platform

  • Nvidia Graphics Driver versions 1.0-8762 and 1.0-8774

on the following systems:

  • Ultra 20, Ultra 20M2
  • Ultra 40

Notes:

  1. The SPARC platform is not affected by this issue, as Nvidia cards are not used on those platforms.
  2. The Nvidia Graphics Driver is shipped with the Sun hardware mentioned in this section.
  3. The Ultra 40M2 platform is not affected by this issue, as this system will ship with updated drivers.

To determine the Nvidia driver version on a Solaris or Linux system, the following command can be run:

    # grep -i Nvidia /var/log/Xorg.0.log
    (--) PCI:*(130:0:0) nVidia Corporation unknown chipset (0x014e)
    rev 162, Mem @ 0xd4000000/26, 0xd8000000/27, 0xd1000000/24
    (II) Module glx: vendor="NVIDIA Corporation"
    (II) LoadModule: "nvidia"
    (II) Loading /usr/X11R6/lib64/modules/drivers/nvidia_drv.so
    (II) Module nvidia: vendor="NVIDIA Corporation"
    (II) NVIDIA dlloader X Driver  1.0-8776  Mon Oct 16 21:55:22 PDT 2006

Note: RHEL3 uses /var/log/XFree86.0.log


Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

x86/x64 Platforms

  • Nvidia Graphics Driver (for Solaris 10) version 1.0-8776

Linux Platform

  • Nvidia Graphics Driver version 1.0-8776

The 1.2 "Tools and Drivers" CD for the Ultra 20 M2, the 1.5a Supplemental CD for the Ultra 20, and the 1.4a "Tools and Drivers" CD for the Ultra 40 contain the 1.0-8776 drivers, and can be downloaded from the following sites:

Ultra 20, Ultra 20M2:

http://www.sun.com/desktop/workstation/ultra20/downloads.jsp

Ultra 40:

http://www.sun.com/desktop/workstation/ultra40/downloads.jsp















Attachments
This solution has no attachment