[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a847a3140611130919l4fbc3da5kd49213de61884658@mail.gmail.com>
Date: Mon, 13 Nov 2006 17:19:52 +0000
From: "Nick Boyce" <nick.boyce@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
security-alerts@...uxsecurity.com
Subject: Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
On 11/7/06, Raphael Marichez <falco@...too.org> wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200611-03
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: High
> Title: NVIDIA binary graphics driver: Privilege escalation
> vulnerability
> Date: November 07, 2006
> Bugs: #151635
> ID: 200611-03
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> The NVIDIA binary graphics driver is vulnerable to a local privilege
> escalation
[snip]
> An X client could trigger the buffer overflow with a maliciously
> crafted series of glyphs. A remote attacker could also entice a user to
> open a specially crafted web page, document or X client that will
> trigger the buffer overflow.
um ... doesn't that make it a *remote* privilege escalation ?
Cheers,
Nick Boyce
--
The reason why worry kills more people than work is that more people
worry than work
Powered by blists - more mailing lists