Bugtraq mailing list archives

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability

From: "Nick Boyce" <nick.boyce () gmail com>
Date: Mon, 13 Nov 2006 17:19:52 +0000

On 11/7/06, Raphael Marichez <falco () gentoo org> wrote:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: NVIDIA binary graphics driver: Privilege escalation
            vulnerability
      Date: November 07, 2006
      Bugs: #151635
        ID: 200611-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The NVIDIA binary graphics driver is vulnerable to a local privilege
escalation

[snip]

An X client could trigger the buffer overflow with a maliciously
crafted series of glyphs. A remote attacker could also entice a user to
open a specially crafted web page, document or X client that will
trigger the buffer overflow.


um ... doesn't that make it a *remote* privilege escalation ?

Cheers,
Nick Boyce
--
The reason why worry kills more people than work is that more people
worry than work

Current thread:

[ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 07)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce (Nov 13)
  - Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 13)
    - Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick FitzGerald (Nov 14)
  - Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Glynn Clements (Nov 14)