Vulnerability CVE-2006-5379


Published: 2006-10-18   Modified: 2012-02-12

Description:
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.

See advisories in our WLB2 database:
Topic
Author
Date
High
Buffer Overflow in NVIDIA Binary Graphics Driver For Linux
Derek Abdine (Ra...
19.10.2006

Type:

CWE-Other

Vendor: Nvidia
Product: Binary graphics driver 
Version: v8774; v8762;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://download2.rapid7.com/r7-0025/
http://download2.rapid7.com/r7-0025/nv_exploit.c
http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
http://security.gentoo.org/glsa/glsa-200611-03.xml
http://securityreason.com/securityalert/1742
http://securitytracker.com/id?1017072
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102693-1
http://www.kb.cert.org/vuls/id/147252
http://www.mandriva.com/security/advisories?name=MDKSA-2007:007
http://www.rapid7.com/advisories/R7-0025.jsp
http://www.securityfocus.com/archive/1/448860/100/0/threaded
http://www.securityfocus.com/archive/1/451329/100/0/threaded
http://www.securityfocus.com/bid/20559
http://www.ubuntu.com/usn/usn-377-1
http://www.vupen.com/english/advisories/2006/4053
http://www.vupen.com/english/advisories/2006/4328
https://exchange.xforce.ibmcloud.com/vulnerabilities/29622

Related CVE
CVE-2019-5687
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor
CVE-2019-5686
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not a...
CVE-2019-5685
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code executi...
CVE-2019-5684
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.
CVE-2019-5683
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This...
CVE-2017-6261
NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure.
CVE-2019-5677
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such as indexes o...
CVE-2019-5676
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or DLL preloading attack), lead...

Copyright 2019, cxsecurity.com

 

Back to Top