Executive Summary
Summary | |
---|---|
Title | NVIDIA graphics drivers vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1799-1 | First vendor Publication | 2013-04-10 |
Vendor | Ubuntu | Last vendor Modification | 2013-04-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: NVIDIA graphics drivers could be made to run programs as an administrator. Software Description: - nvidia-graphics-drivers: NVIDIA binary Xorg driver - nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver - nvidia-settings: Tool for configuring the NVIDIA graphics driver - nvidia-settings-updates: Tool for configuring the NVIDIA graphics driver Details: It was discovered that the NVIDIA graphics drivers incorrectly handled large ARGB cursors. A local attacker could use this issue to gain root privileges. The NVIDIA graphics drivers have been updated to 304.88 to fix this issue. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: Ubuntu 12.04 LTS: After a standard system update you need to reboot your computer to make all the necessary changes. References: Package Information: https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.1 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.1 https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.2 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers/304.88-0ubuntu0.0.2 https://launchpad.net/ubuntu/+source/nvidia-graphics-drivers-updates/304.88-0ubuntu0.0.1 https://launchpad.net/ubuntu/+source/nvidia-settings-updates/304.88-0ubuntu0.0.2 |
Original Source
Url : http://www.ubuntu.com/usn/USN-1799-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18371 | |||
Oval ID: | oval:org.mitre.oval:def:18371 | ||
Title: | USN-1799-1 -- nvidia-graphics-drivers, nvidia-graphics-drivers-updates, nvidia-settings, nvidia-settings-updates vulnerability | ||
Description: | NVIDIA graphics drivers could be made to run programs as an administrator 2E Software Description: - nvidia-graphics-drivers: NVIDIA binary Xorg driver - nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver - nvidia-settings: Tool for configuring the NVIDIA graphics driver - nvidia-settings-updates: Tool for configuring the NVIDIA graphics drive r Details: It was discovered that the NVIDIA graphics drivers incorrectly handled large ARGB cursors. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1799-1 CVE-2013-0131 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 | Product(s): | nvidia-graphics-drivers nvidia-graphics-drivers-updates nvidia-settings nvidia-settings-updates |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-04-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1431f2d6a06e11e2b9e0001636d274f3.nasl - Type : ACT_GATHER_INFO |
2013-04-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1799-1.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201304-01.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:01:49 |
|
2013-04-10 17:18:38 |
|