lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Nov 2006 17:19:52 +0000 From: "Nick Boyce" <nick.boyce@...il.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, security-alerts@...uxsecurity.com Subject: Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability On 11/7/06, Raphael Marichez <falco@...too.org> wrote: > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Gentoo Linux Security Advisory GLSA 200611-03 > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > http://security.gentoo.org/ > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Severity: High > Title: NVIDIA binary graphics driver: Privilege escalation > vulnerability > Date: November 07, 2006 > Bugs: #151635 > ID: 200611-03 > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Synopsis > ======== > > The NVIDIA binary graphics driver is vulnerable to a local privilege > escalation [snip] > An X client could trigger the buffer overflow with a maliciously > crafted series of glyphs. A remote attacker could also entice a user to > open a specially crafted web page, document or X client that will > trigger the buffer overflow. um ... doesn't that make it a *remote* privilege escalation ? Cheers, Nick Boyce -- The reason why worry kills more people than work is that more people worry than work
Powered by blists - more mailing lists