NVIDIA Root Explot
The following says it all:
The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
buffer overflow that allows an attacker to run arbitrary code as
root. This bug can be exploited both locally or remotely (via
a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this
advisory.
Yeah, so apparently we don't need Internet Explorer and Windows anymore to have malicious software silently installed on our computers - we just need NVIDIA's closed-source graphics driver. Update: Fortunately, the bug has been fixed in NVIDIA's 1.0-9625 beta driver. The thing is, you need Xorg 7.1 to run that, so everyone running Ubuntu 6.06/Dapper Drake is still vulnerable.
On that note - are there any analogous driver exploits in Windows like this? I didn't even think something like this was possible in Linux...
(Thanks Hubert...)
3 comments:
Of course it's possible, what did you think would happen if you insert a module into the kernel that has a flaw like this? And you wonder why people (well this is only one reasoning) complain about closed-source drivers... (Hey I don't see why it couldn't happen in other OSes too, video drivers are low level right?) It's too bad it's closed, otherwise it would've been found a while ago and fixed but hey, it's fixed by nvidia's beta drivers...
Hi GameGod.
This has nothing to do with your post, sorry about that.
I saw that you posted on Digg saying you had put Ubuntu on a Lacie Ethernet Disk. I was wondering what procedure you used to load ubuntu in the first place? PXE boot or external CD Drive were what I reckoned.
There's a thread over on the Ubuntu forums where someone else was wondering: http://ubuntuforums.org/showthread.php?t=214672&highlight=lacie+ethernet
If you can reply to this it would be appreciated.
Dougal (dougal DOT s AT gmail DOT com)
thank you nice sharing
cep programsymbian programnokia programhtml kodlarıbedava cep oyunlarıcilt bakımı
Post a Comment