Monday, October 16, 2006

NVIDIA Root Explot

The following says it all:

   The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
buffer overflow that allows an attacker to run arbitrary code as
root. This bug can be exploited both locally or remotely (via
a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this
advisory.

Yeah, so apparently we don't need Internet Explorer and Windows anymore to have malicious software silently installed on our computers - we just need NVIDIA's closed-source graphics driver. Update: Fortunately, the bug has been fixed in NVIDIA's 1.0-9625 beta driver. The thing is, you need Xorg 7.1 to run that, so everyone running Ubuntu 6.06/Dapper Drake is still vulnerable.

On that note - are there any analogous driver exploits in Windows like this? I didn't even think something like this was possible in Linux...

(Thanks Hubert...)

3 comments:

Anonymous said...

Of course it's possible, what did you think would happen if you insert a module into the kernel that has a flaw like this? And you wonder why people (well this is only one reasoning) complain about closed-source drivers... (Hey I don't see why it couldn't happen in other OSes too, video drivers are low level right?) It's too bad it's closed, otherwise it would've been found a while ago and fixed but hey, it's fixed by nvidia's beta drivers...

Douglas F Shearer said...

Hi GameGod.

This has nothing to do with your post, sorry about that.

I saw that you posted on Digg saying you had put Ubuntu on a Lacie Ethernet Disk. I was wondering what procedure you used to load ubuntu in the first place? PXE boot or external CD Drive were what I reckoned.

There's a thread over on the Ubuntu forums where someone else was wondering: http://ubuntuforums.org/showthread.php?t=214672&highlight=lacie+ethernet

If you can reply to this it would be appreciated.

Dougal (dougal DOT s AT gmail DOT com)

Anonymous said...

thank you nice sharing
cep programsymbian programnokia programhtml kodlarıbedava cep oyunlarıcilt bakımı