CVE-2006-5379
First published: Wed Oct 18 2006(Updated: )
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NVIDIA GPU Display Driver for Linux | =v8774 | |
| NVIDIA GPU Display Driver for Linux | =v8762 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download2.rapid7.com/r7-0025/nv_exploit.c
- http://www.rapid7.com/advisories/R7-0025.jsp
- http://www.kb.cert.org/vuls/id/147252
- http://securitytracker.com/id?1017072
- http://secunia.com/advisories/22419
- http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
- http://www.securityfocus.com/bid/20559
- http://download2.rapid7.com/r7-0025/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102693-1
- http://www.ubuntu.com/usn/usn-377-1
- http://secunia.com/advisories/22676
- http://secunia.com/advisories/22730
- http://security.gentoo.org/glsa/glsa-200611-03.xml
- http://secunia.com/advisories/22764
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:007
- http://secunia.com/advisories/23678
- http://securityreason.com/securityalert/1742
- http://www.vupen.com/english/advisories/2006/4053
- http://www.vupen.com/english/advisories/2006/4328
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29622
- http://www.securityfocus.com/archive/1/451329/100/0/threaded
- http://www.securityfocus.com/archive/1/448860/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-5379?
CVE-2006-5379 has a high severity rating due to the potential for arbitrary code execution.
How do I fix CVE-2006-5379?
To fix CVE-2006-5379, update the NVIDIA Binary Graphics Driver to a version later than v8774 and v8762.
Who is affected by CVE-2006-5379?
Users of NVIDIA Binary Graphics Driver versions v8774 and v8762 on Linux are affected by CVE-2006-5379.
What types of attacks can exploit CVE-2006-5379?
CVE-2006-5379 can be exploited by local and remote attackers to execute arbitrary code via crafted font glyphs.
Is CVE-2006-5379 a local or remote vulnerability?
CVE-2006-5379 is considered to be both a local and remote vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/nvidia
- canonical/nvidia gpu display driver for linux
- version/nvidia gpu display driver for linux/v8774
- version/nvidia gpu display driver for linux/v8762