OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability

From: Nick Boyce (nick.boycegmail.com)
Date: Mon Nov 13 2006 - 11:19:52 CST


On 11/7/06, Raphael Marichez <falcogentoo.org> wrote:

> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200611-03
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: High
> Title: NVIDIA binary graphics driver: Privilege escalation
> vulnerability
> Date: November 07, 2006
> Bugs: #151635
> ID: 200611-03
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> The NVIDIA binary graphics driver is vulnerable to a local privilege
> escalation
[snip]

> An X client could trigger the buffer overflow with a maliciously
> crafted series of glyphs. A remote attacker could also entice a user to
> open a specially crafted web page, document or X client that will
> trigger the buffer overflow.

um ... doesn't that make it a *remote* privilege escalation ?

Cheers,
Nick Boyce
--
The reason why worry kills more people than work is that more people
worry than work

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/