NVIDIA binary graphics driver: Privilege escalation vulnerability

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200611-03 / nvidia-drivers
Release Date: November 07, 2006
Latest Revision: November 10, 2006: 02
Impact: high
Exploitable: remote, local

Package: x11-drivers/nvidia-drivers
Vulnerable versions: < 1.0.8776
Unaffected versions: >= 1.0.8776, < 1.0.8762
Architecture(s): All supported architectures

Related bugreports: #151635

Synopsis

The NVIDIA binary graphics driver is vulnerable to a local privilege escalation through an X session.

2.  Impact Information

Background

The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphics acceleration on NVIDIA-based graphics cards.

Description

Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the accelerated rendering functionality.

Impact

An X client could trigger the buffer overflow with a maliciously crafted series of glyphs. A remote attacker could also entice a user to open a specially crafted web page, document or X client that triggers the buffer overflow. This could result in the execution of arbitrary code with root privileges or, at a minimum, a crash of the X server.

3.  Resolution Information

Workaround

Disable the accelerated rendering functionality in the Device section of xorg.conf:

Code Listing 3.1: Workaround

  Option "RenderAccel" "false"
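
To confirm the workaround is in place on every NVIDIA Device section, the following check can be run against xorg.conf. It is an added example, not part of the original advisory; the function names and the sample configuration are constructed for illustration, and a section with no RenderAccel option is reported as "unset" and treated as not mitigated.

```shell
# Added example, not from the advisory. Prints "<Identifier>: disabled|enabled|unset"
# for each nvidia Device section; returns 1 unless all are explicitly disabled.
# Usage: check_renderaccel /etc/X11/xorg.conf   (no argument: read stdin)
check_renderaccel() {
    awk '
    function is_false(v) { return v ~ /^(0|off|false|no)$/ }
    {
        sub(/#.*/, "")          # drop comments
        split($0, q, "\"")      # q[2], q[4]: first and second quoted string
        kw = tolower($1)
    }
    kw == "section" && tolower(q[2]) == "device" {
        in_dev = 1; id = "(unnamed)"; drv = ""; state = "unset"; next
    }
    !in_dev { next }
    kw == "identifier" { id = q[2] }
    kw == "driver"     { drv = tolower(q[2]) }
    kw == "option" {
        # Names ignore case, spaces and underscores; a "No" prefix inverts
        # the value; an option written without a value counts as true.
        name = tolower(q[2]); gsub(/[ _]/, "", name); val = tolower(q[4])
        if (name == "renderaccel") state = is_false(val) ? "disabled" : "enabled"
        if (name == "norenderaccel") state = is_false(val) ? "enabled" : "disabled"
    }
    kw == "endsection" {
        if (drv == "nvidia") { print id ": " state; if (state != "disabled") bad = 1 }
        in_dev = 0
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample input, not a real system configuration.
sample_conf() {
    cat <<'EOF'
Section "Device"
    Identifier "Card0"
    Driver     "nvidia"
    Option     "RenderAccel" "false"
EndSection
Section "Device"
    Identifier "Card 1"
    Driver     "nvidia"
    # Option   "RenderAccel" "false"
    Option     "Render_Accel" "on"
EndSection
EOF
}
sample_conf | check_renderaccel || echo "workaround missing in at least one section"
```

The second sample section shows why a plain text search for the option is not enough: the disabling line is commented out and a differently spelled option re-enables acceleration.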

Resolution

NVIDIA binary graphics driver users should upgrade to the latest version:

Code Listing 3.2: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-1.0.8776"

4.  References



Page updated November 07, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team