|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
From: Raphael Marichez (falco
gentoo.org)
Date: Tue Nov 07 2006 - 16:24:18 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: NVIDIA binary graphics driver: Privilege escalation
vulnerability
Date: November 07, 2006
Bugs: #151635
ID: 200611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The NVIDIA binary graphics driver is vulnerable to a local privilege
escalation through an X session.
Background
==========
The NVIDIA binary graphics driver from NVIDIA Corporation provides the
kernel module and the GL modules for graphic acceleration on the NVIDIA
based graphic cards.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 x11-drivers/nvidia-drivers < 1.0.8776 >= 1.0.8776
< 1.0-8762
Description
===========
Rapid7 reported a boundary error in the NVIDIA binary graphics driver
that leads to a buffer overflow in the accelerated rendering
functionality.
Impact
======
An X client could trigger the buffer overflow with a maliciously
crafted series of glyphs. A remote attacker could also entice a user to
open a specially crafted web page, document or X client that will
trigger the buffer overflow. This could result in the execution of
arbitrary code with root privileges or at least in the crash of the X
server.
Workaround
==========
Disable the accelerated rendering functionality in the Device section
of xorg.conf :
Option "RenderAccel" "false"
Resolution
==========
NVIDIA binary graphics driver users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-1.0.8776"
References
==========
[ 1 ] CVE-2006-5379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
securitygentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFUQeSIS4GNEW6wBQRApmNAKCeIHZaxrSt8vbpoWPcHD96lfTFMACfQ8K0
sE5DHp/ETZxe4vU+sMOJf4M=
=z6yA
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]