From: Glynn Clements (glynngclements.plus.com)
Date: Tue Nov 14 2006 - 05:16:41 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Nick Boyce wrote:

> On 11/7/06, Raphael Marichez <falcogentoo.org> wrote:
>
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > Gentoo Linux Security Advisory GLSA 200611-03
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > http://security.gentoo.org/
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > Severity: High
> > Title: NVIDIA binary graphics driver: Privilege escalation
> > vulnerability
> > Date: November 07, 2006
> > Bugs: #151635
> > ID: 200611-03
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >
> > Synopsis
> > ========
> >
> > The NVIDIA binary graphics driver is vulnerable to a local privilege
> > escalation
> [snip]
>
> > An X client could trigger the buffer overflow with a maliciously
> > crafted series of glyphs. A remote attacker could also entice a user to
> > open a specially crafted web page, document or X client that will
> > trigger the buffer overflow.
>
> um ... doesn't that make it a *remote* privilege escalation ?

Well, any file parsing bug could be considered a "remote"
vulnerability if you consider the prospect of downloading a malicious
file from the internet.

I don't think that remote X clients are an issue; the last time I
checked, the driver in question was only used for direct rendering,
which requires a local X client, while indirect rendering uses the
built-in software renderer.

--
Glynn Clements <glynngclements.plus.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]