GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Jul 25, 2007 12:26 am Post subject: [ GLSA 200707-08 ] NVClock: Insecure file usage |
|
|
Gentoo Linux Security Advisory
Title: NVClock: Insecure file usage (GLSA 200707-08)
Severity: normal
Exploitable: local
Date: July 24, 2007
Bug(s): #184071
ID: 200707-08
Synopsis
A vulnerability has been discovered in NVClock, allowing for the execution
of arbitrary code.
Background
NVClock is an utility for changing NVidia graphic chipsets internal
frequency.
Affected Packages
Package: media-video/nvclock
Vulnerable: < 0.7-r2
Unaffected: >= 0.7-r2
Architectures: All supported architectures
Description
Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock
makes usage of an insecure temporary file in the /tmp directory.
Impact
A local attacker could create a specially crafted temporary file in
/tmp to execute arbitrary code with the privileges of the user running
NVCLock.
Workaround
There is no known workaround at this time.
Resolution
All NVClock users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/nvclock-0.7-r2" |
References
CVE-2007-3531
Last edited by GLSA on Fri Oct 17, 2014 4:24 am; edited 2 times in total |
|