Nvidia driver for X window system contains ARGB Cursor buffer overflow vulnerability in "NoScanout" mode. Nvidia security adivisory states that when driver for X system operated in "NoScanout " mode, X client tends to install an ARGB cursor larger then expected size ,causing buffer overflow. It can be used to cause denial of service and exploited to achieve arbitrary code execution. Xserver runs at root privileges so exploiting this vulnerability enables attacker to gain root privileges. Xservers only accept authenticated connections from local machine, but can be configured to accept connections without authentication and allow connection over network. The vulnerability present since driver version 195.22.Nvidia suggests to upgrade to new version or disable NoScanout mode if possible. User must download and install the drivers from Nvidia. The vulnerability registered under CVE-2013-0131.
April 6, 2013, 6:45 pm by
Most Recent Articles
Follow us on Facebook