Full Disclosure mailing list archives
Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 14 Nov 2006 17:11:58 +1300
Raphael Marichez to Nick Boyce (??):
um ... doesn't that make it a *remote* privilege escalation ?in a certain way... you're right... although that requires the user complicity, strictly speaking, you're right.
Makes it no less remote. Not _automatic_ remote, but still very, very much "remote".
The guy who would manage to remotely root a box with that vulnerability would be really good. The real serious risk is local only. (think about all that unpatched linux boxes in the universities...)
You have a really odd view of the security exposure... Even _Microsoft_ (now) self-rates this type of vulnerability as critical and remotely exploitable for execution of arbitrary code (e.g. the WMF vuln from late last year). OK -- so we can quibble over whether it released patches quickly enough in that case (no), but at least even the traditionally considered slackest of security slackers gets the rating of the severity and scope of this kind of vuln right. Any hope of Linux distro folk getting that clued? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 07)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick FitzGerald (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Glynn Clements (Nov 14)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Raphael Marichez (Nov 13)
- Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability Nick Boyce (Nov 13)