FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5379

This CVE name corresponds to:

Entered Topic
2006-10-16 nvidia-driver -- arbitrary root code execution vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-5379 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-5379
Phase Assigned(20061017)

Description

The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.

References

Source Reference
BUGTRAQ 20061016 Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux
BUGTRAQ 20061113 Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
MISC http://download2.rapid7.com/r7-0025/nv_exploit.c
MISC http://www.rapid7.com/advisories/R7-0025.jsp
MISC http://download2.rapid7.com/r7-0025/
CONFIRM http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
GENTOO GLSA-200611-03
MANDRIVA MDKSA-2007:007
SUNALERT 102693
UBUNTU USN-377-1
CERT-VN VU#147252
BID 20559
VUPEN ADV-2006-4053
VUPEN ADV-2006-4328
SECTRACK 1017072
SECUNIA 22419
SECUNIA 22676
SECUNIA 22730
SECUNIA 22764
SECUNIA 23678
SREASON 1742
XF nvidia-linux-driver-bo(29622)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.