Bugtraq mailing list archives
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
From: "Nick Boyce" <nick.boyce () gmail com>
Date: Mon, 13 Nov 2006 17:19:52 +0000
On 11/7/06, Raphael Marichez <falco () gentoo org> wrote:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200611-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: NVIDIA binary graphics driver: Privilege escalation vulnerability Date: November 07, 2006 Bugs: #151635 ID: 200611-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== The NVIDIA binary graphics driver is vulnerable to a local privilege escalation
[snip]
An X client could trigger the buffer overflow with a maliciously crafted series of glyphs. A remote attacker could also entice a user to open a specially crafted web page, document or X client that will trigger the buffer overflow.
um ... doesn't that make it a *remote* privilege escalation ? Cheers, Nick Boyce -- The reason why worry kills more people than work is that more people worry than work
Current thread:
- [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 07)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick FitzGerald (Nov 14)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Glynn Clements (Nov 14)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce (Nov 13)