Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
BID:53808
Info
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
| Bugtraq ID: | 53808 |
| Class: | Unknown |
| CVE: |
CVE-2011-3101 |
| Remote: | Yes |
| Local: | No |
| Published: | May 15 2012 12:00AM |
| Updated: | Jun 27 2012 10:10AM |
| Credit: | Aki Helin of OUSPG |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE openSUSE 12.1 SuSE openSUSE 11.4 SRWare Iron 18.0.1050.0 SRWare Iron 15.0.900.1 SRWare Iron 15 RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Mozilla Firefox ESR 10.0.4 Mozilla Firefox ESR 10.0.3 Mozilla Firefox ESR 10.0.2 Mozilla Firefox 12.0 Mozilla Firefox 11.0 Mozilla Firefox 10.0.2 Mozilla Firefox 10.0.1 Mozilla Firefox 10.0 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Google Chrome 17.0.963 79 Google Chrome 17.0.963 65 Google Chrome 16.0.912 75 Google Chrome 18.0.1025.168 Google Chrome 18.0.1025.162 Google Chrome 18.0.1025.151 Google Chrome 18.0.1025.142 Google Chrome 17.0.963.83 Google Chrome 17.0.963.78 Google Chrome 17.0.963.60 Google Chrome 17.0.963.56 Google Chrome 17.0.963.46 Google Chrome 16.0.912.77 Google Chrome 16.0.912.75 Google Chrome 16.0.912.63 Google Chrome 16 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 |
| Not Vulnerable: |
Mozilla Firefox ESR 10.0.5 Mozilla Firefox 13.0 Google Chrome 19 |
Discussion
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
Multiple browsers are prone to an unspecified security vulnerability that affects the WebGL implementation.
The impact of this issue has not been disclosed.
Note: This issue was previously discussed in BID 53540 (Google Chrome Prior to 19 Multiple Security Vulnerabilities) but has been given its own record to better document it.
The following are vulnerable:
Google Chrome versions prior to 19
Mozilla Firefox versions prior to 13 and ESR 10.0.5
Multiple browsers are prone to an unspecified security vulnerability that affects the WebGL implementation.
The impact of this issue has not been disclosed.
Note: This issue was previously discussed in BID 53540 (Google Chrome Prior to 19 Multiple Security Vulnerabilities) but has been given its own record to better document it.
The following are vulnerable:
Google Chrome versions prior to 19
Mozilla Firefox versions prior to 13 and ESR 10.0.5
Exploit / POC
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
References:
References:
- 19 Stable Channel Update (Google)
- Google Chrome Homepage (Google)
- Mozilla Firefox Homepage (Mozilla)
- Mozilla Foundation Security Advisory 2012-34 (Mozilla)