Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type: Sun Alert Sure Solution

1000308.1 : Security Vulnerability With Graphics Driver for Solaris 10 and Linux on Certain Systems

Previously Published As: 200425

Product:
Sun Ultra 20 Workstation
Sun Ultra 20 M2 Workstation
Sun Ultra 40 Workstation

Bug Id: None

Date of Resolved Release: 02-NOV-2006

Impact

A security vulnerability in the Nvidia graphics driver for Solaris 10 and Linux (both pre-install and CD versions) may allow a local or remote unprivileged user to run arbitrary code as root, due to a buffer overflow.

Additional information describing this issue can be found in the following document:

Security Advisory R7-0025 at http://download2.rapid7.com/r7-0025/

Note: Not all versions of the Nvidia driver prior to those mentioned in the "Resolution" section of this Sun Alert are vulnerable to this issue. Please see the "Contributing Factors" section below for the affected versions.

Contributing Factors

This issue can occur in the following releases:

x86/x64 Platforms
Linux Platform
on the following systems:
Notes:
To determine the Nvidia driver version on a Solaris or Linux system, the following command can be run:

    # grep -i Nvidia /var/log/Xorg.0.log
    (--) PCI:*(130:0:0) nVidia Corporation unknown chipset (0x014e) rev 162, Mem @ 0xd4000000/26, 0xd8000000/27, 0xd1000000/24
    (II) Module glx: vendor="NVIDIA Corporation"
    (II) LoadModule: "nvidia"
    (II) Loading /usr/X11R6/lib64/modules/drivers/nvidia_drv.so
    (II) Module nvidia: vendor="NVIDIA Corporation"
    (II) NVIDIA dlloader X Driver 1.0-8776 Mon Oct 16 21:55:22 PDT 2006

Note: RHEL3 uses /var/log/XFree86.0.log

Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited.

Workaround

There is no workaround for this issue. Please see the Resolution section below.

Resolution

This issue is addressed in the following releases:

x86/x64 Platforms
Linux Platform
The 1.2 "Tools and Drivers" CD for the Ultra 20 M2, the 1.5a Supplemental CD for the Ultra 20, and the 1.4a "Tools and Drivers" CD for the Ultra 40 contain the 1.0-8776 drivers, and can be downloaded from the following sites:

Ultra 20, Ultra 20M2: http://www.sun.com/desktop/workstation/ultra20/downloads.jsp
Ultra 40: http://www.sun.com/desktop/workstation/ultra40/downloads.jsp

Previously Published As: 102693

Internal Comments

1) Workstation pre-install images with updated drivers have been ECO'd for immediate cut-in. Expected cut-in date is no later than Nov 3, 2006.

2) "Tools and Drivers" CD ISOs for all workstation platforms have been created. Sun.com site has been updated and contains updated ISO images & drivers. Physical CDs will be updated with new drivers in the next release cycle.

Note: We will not be removing the older versions of the Tools and Drivers CD ISOs because they may contain BIOS images required by some customers.

Internal Contributor/submitter: Michael.Laflamme@Sun.COM, daryl.hinz@sun.com, pat.judt@sun.com, mike.siciliano@sun.com

Internal Eng Business Unit Group: NSG (Network Systems Group)

Internal Eng Responsible Engineer: matthew.koehler@sun.com

Internal Services Knowledge Engineer: david.mariotto@sun.com

Internal Sun Alert Kasp Legacy ID: 102693

Internal Sun Alert & FAB Admin Info

Critical Category: Security ==> Vulnerability
Significant Change Date: 2006-11-02
Avoidance: Upgrade
Responsible Manager: Pat.Judt@Sun.COM

Attachments

This solution has no attachment
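
The driver version check from the Notes section, scripted so it can be run across several workstations. This is an added example, not part of the Sun Alert; the function names and status words are hypothetical, and it assumes the driver banner has the form shown in the alert's sample log ("X Driver 1.0-<build>").

```shell
#!/bin/sh
# Added example, not from the Sun Alert. Assumes driver versions have the
# form 1.0-<build>, as in the alert's sample log line.
FIXED_BUILD=8776   # build of the 1.0-8776 driver named under Resolution

# Print the last driver version announced in log file $1 (empty if none).
nvidia_driver_version() {
    sed -n 's/.*NVIDIA.*X Driver[[:space:]]*\([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print "fixed", "older" or "unknown" for version string $1.
# "older" only means a build below 8776; the alert states that not every
# earlier version is affected, so check it against Contributing Factors.
classify_version() {
    case "$1" in
        1.0-*) build=${1#1.0-} ;;
        *) echo unknown; return 0 ;;
    esac
    case "$build" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$build" -ge "$FIXED_BUILD" ]; then echo fixed; else echo older; fi
}

# Print "<version> <status>" for log file $1, or why no version was found.
check_log() {
    if [ ! -r "$1" ]; then echo unreadable; return 0; fi
    ver=$(nvidia_driver_version "$1")
    if [ -z "$ver" ]; then echo no-nvidia-banner; return 0; fi
    echo "$ver $(classify_version "$ver")"
}

# Check the logs the alert names (RHEL3 uses XFree86.0.log), when present.
for log in /var/log/Xorg.0.log /var/log/XFree86.0.log; do
    if [ -r "$log" ]; then echo "$log: $(check_log "$log")"; fi
done

# Constructed sample log; the 1.0-8000 build number is made up for the demo.
sample=$(mktemp)
printf '%s\n' '(II) LoadModule: "nvidia"' \
    '(II) NVIDIA dlloader X Driver 1.0-8000 Sun Jan  1 00:00:00 PST 2006' \
    '(II) NVIDIA dlloader X Driver 1.0-8776 Mon Oct 16 21:55:22 PDT 2006' >"$sample"
echo "sample: $(check_log "$sample")"
rm -f "$sample"
```

A result of "unknown" or "no-nvidia-banner" means the log did not contain a banner in the assumed form, not that the system is unaffected.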