Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability

To: "Nick Boyce" <nick.boyce@xxxxxxxxx>
Subject: Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
From: Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Nov 2006 11:16:41 +0000
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, security-alerts@xxxxxxxxxxxxxxxxx
In-reply-to: <a847a3140611130919l4fbc3da5kd49213de61884658@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20061107222418.GC2401@xxxxxxxxxxxxxxxx> <a847a3140611130919l4fbc3da5kd49213de61884658@xxxxxxxxxxxxxx>

Nick Boyce wrote:

> On 11/7/06, Raphael Marichez <falco@xxxxxxxxxx> wrote:
> 
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > Gentoo Linux Security Advisory                           GLSA 200611-03
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >                                             http://security.gentoo.org/
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> >   Severity: High
> >      Title: NVIDIA binary graphics driver: Privilege escalation
> >             vulnerability
> >       Date: November 07, 2006
> >       Bugs: #151635
> >         ID: 200611-03
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > Synopsis
> > ========
> >
> > The NVIDIA binary graphics driver is vulnerable to a local privilege
> > escalation
> [snip]
> 
> > An X client could trigger the buffer overflow with a maliciously
> > crafted series of glyphs. A remote attacker could also entice a user to
> > open a specially crafted web page, document or X client that will
> > trigger the buffer overflow.
> 
> um ... doesn't that make it a *remote* privilege escalation ?

Well, any file parsing bug could be considered a "remote"
vulnerability if you consider the prospect of downloading a malicious
file from the internet.

I don't think that remote X clients are an issue; the last time I
checked, the driver in question was only used for direct rendering,
which requires a local X client, while indirect rendering uses the
built-in software renderer.

-- 
Glynn Clements <glynn@xxxxxxxxxxxxxxxxxx>

References:
- [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
  - From: Raphael Marichez
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
  - From: Nick Boyce

Prev by Date: Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
Next by Date: Inventory Manager [injection sql & xss (get)]
Previous by thread: Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
Next by thread: XSS in Kayako SupportSuite v3.00.32
Index(es):
- Date
- Thread