Lucene search

Gentoo FoundationGLSA-200707-08

HistoryJul 24, 2007 - 12:00 a.m.

NVClock: Insecure file usage

2007-07-2400:00:00

Gentoo Foundation

security.gentoo.org

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Background

NVClock is an utility for changing NVidia graphic chipsets internal frequency.

Description

Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory.

Impact

A local attacker could create a specially crafted temporary file in /tmp to execute arbitrary code with the privileges of the user running NVCLock.

Workaround

There is no known workaround at this time.

Resolution

All NVClock users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-video/nvclock-0.7-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-video/nvclock< 0.7-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	media-video/nvclock	< 0.7-r2	UNKNOWN

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for GLSA-200707-08