1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200707-08 / nvclock |
| Release Date | July 24, 2007 |
| Latest Revision | July 24, 2007: 01 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-video/nvclock | < 0.7-r2 | >= 0.7-r2 | All supported architectures |
Related bugreports: #184071
A vulnerability has been discovered in NVClock, allowing for the execution of arbitrary code.
NVClock is an utility for changing NVidia graphic chipsets internal frequency.
Tavis Ormandy of the Gentoo Linux Security Team discovered that NVClock makes usage of an insecure temporary file in the /tmp directory.
A local attacker could create a specially crafted temporary file in /tmp to execute arbitrary code with the privileges of the user running NVCLock.
There is no known workaround at this time.
All NVClock users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-video/nvclock-0.7-r2" |