<<< Date Index >>>     <<< Thread Index >>>

Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability



On 11/7/06, Raphael Marichez <falco@xxxxxxxxxx> wrote:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: NVIDIA binary graphics driver: Privilege escalation
            vulnerability
      Date: November 07, 2006
      Bugs: #151635
        ID: 200611-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The NVIDIA binary graphics driver is vulnerable to a local privilege
escalation
[snip]

An X client could trigger the buffer overflow with a maliciously
crafted series of glyphs. A remote attacker could also entice a user to
open a specially crafted web page, document or X client that will
trigger the buffer overflow.

um ... doesn't that make it a *remote* privilege escalation ?

Cheers,
Nick Boyce
--
The reason why worry kills more people than work is that more people
worry than work