|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200611-03] NVIDIA binary graphics driver: Privilege escalation vulnerability Vulnerability Scan
Vulnerability Scan Summary NVIDIA binary graphics driver: Privilege escalation vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200611-03
(NVIDIA binary graphics driver: Privilege escalation vulnerability)
Rapid7 reported a boundary error in the NVIDIA binary graphics driver
that leads to a buffer overflow in the accelerated rendering
functionality.
Impact
An X client could trigger the buffer overflow with a maliciously
crafted series of glyphs. A remote attacker could also entice a user to
open a specially crafted web page, document or X client that will
trigger the buffer overflow. This could result in the execution of
arbitrary code with root rights or at least in the crash of the X
server.
Workaround
Disable the accelerated rendering functionality in the Device section
of xorg.conf :
Option "RenderAccel" "false"
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5379
Solution:
NVIDIA binary graphics driver users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-1.0.8776"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|