Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-77-1000308.1
Update Date:2011-01-04
Keywords:

Solution Type  Sun Alert Sure

Solution  1000308.1 :   Security Vulnerability With Graphics Driver for Solaris 10 and Linux on Certain Systems  


Related Items
  • Sun Ultra 20 Workstation
  •  
  • Sun Ultra 20 M2 Workstation
  •  
  • Sun Ultra 40 Workstation
  •  
Related Categories
  • GCS>Sun Microsystems>Sun Alert>Criteria Category>Security
  •  
  • GCS>Sun Microsystems>Sun Alert>Release Phase>Resolved
  •  

PreviouslyPublishedAs
200425


Product
Sun Ultra 20 Workstation
Sun Ultra 20 M2 Workstation
Sun Ultra 40 Workstation

Bug Id
None

Date of Resolved Release
02-NOV-2006

Impact

A Security vulnerability in the Nvidia Graphics driver for Solaris 10 and Linux (both pre-install and CD versions) may allow a local or remote unprivileged user to run arbitrary code as root, due to a buffer overflow.

Additional information describing this issue can be found in the following document:

Security Advisory R7-0025 at http://download2.rapid7.com/r7-0025/

Note: Not all versions of the the Nvidia driver prior to those mentioned in the "Resolution" section of this Sun Alert are vulnerable to this issue. Please see the "Contributing Factors" section below for the affected versions.


Contributing Factors

This issue can occur in the following releases:

x86/x64 Platforms

  • Nvidia Graphics Driver (for Solaris 10) versions 1.0-8762 and 1.0-8774

Linux Platform

  • Nvidia Graphics Driver versions 1.0-8762 and 1.0-8774

on the following systems:

  • Ultra 20, Ultra 20M2
  • Ultra 40

Notes:

  1. The SPARC platform is not affected by this issue, as Nvidia cards are not used on those platforms.
  2. The Nvidia Graphics Driver is shipped with the Sun hardware mentioned in this section.
  3. The Ultra 40M2 platform is not affected by this issue, as this system will ship with updated drivers.

To determine the Nvidia driver version on a Solaris or Linux system, the following command can be run:

    # grep -i Nvidia /var/log/Xorg.0.log
    (--) PCI:*(130:0:0) nVidia Corporation unknown chipset (0x014e)
    rev 162, Mem @ 0xd4000000/26, 0xd8000000/27, 0xd1000000/24
    (II) Module glx: vendor="NVIDIA Corporation"
    (II) LoadModule: "nvidia"
    (II) Loading /usr/X11R6/lib64/modules/drivers/nvidia_drv.so
    (II) Module nvidia: vendor="NVIDIA Corporation"
    (II) NVIDIA dlloader X Driver  1.0-8776  Mon Oct 16 21:55:22 PDT 2006

Note: RHEL3 uses /var/log/XFree86.0.log


Symptoms

There are no predictable symptoms that would indicate the described vulnerability has been exploited.


Workaround

There is no workaround for this issue. Please see the Resolution section below.


Resolution

This issue is addressed in the following releases:

x86/x64 Platforms

  • Nvidia Graphics Driver (for Solaris 10) version 1.0-8776

Linux Platform

  • Nvidia Graphics Driver version 1.0-8776

The 1.2 "Tools and Drivers" CD for the Ultra 20 M2, the 1.5a Supplemental CD for the Ultra 20, and the 1.4a "Tools and Drivers" CD for the Ultra 40 contain the 1.0-8776 drivers, and can be downloaded from the following sites:

Ultra 20, Ultra 20M2:

http://www.sun.com/desktop/workstation/ultra20/downloads.jsp

Ultra 40:

http://www.sun.com/desktop/workstation/ultra40/downloads.jsp



Previously Published As
102693
Internal Comments
1) Workstation pre-install images with updated drivers have been
ECO'd for immediate cut-in. Expected cut-in date is no later than Nov 3, 2006.
2) "Tools and Drivers" CD ISOs for all workstation platforms have been created.
Sun.com site has been updated and contains updated ISO images & drivers.
Physical CDs will be updated with new drivers in the next release cycle.
Note: We will not be removing the
older versions of the Tools and Drivers CD ISOs because they may contain BIOS images
required by some customers.
Internal Contributor/submitter
Michael.Laflamme@Sun.COM, daryl.hinz@sun.com, pat.judt@sun.com, mike.siciliano@sun.com
Internal Eng Business Unit Group
NSG (Network Systems Group)
Internal Eng Responsible Engineer
matthew.koehler@sun.com
Internal Services Knowledge Engineer
david.mariotto@sun.com
Internal Sun Alert Kasp Legacy ID
102693
Internal Sun Alert & FAB Admin Info
Critical Category: Security ==> Vulnerability
Significant Change Date: 2006-11-02
Avoidance: Upgrade
Responsible Manager: Pat.Judt@Sun.COM

Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.
 Feedback