Announcement

Collapse
No announcement yet.

NVIDIA Driver Security Exploit

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NVIDIA Driver Security Exploit

    Oh, this is a nice one:
    http://download2.rapid7.com/r7-0025/

    Security vunerabilities in Nvidia binary drivers.

    With active proof-of-concept exploit for Linux. This is not only a local vunerability with X + nvidia drivers, but it can be remotely exploitable.. for instance if your browsing to a malicious website it's possible for somebody to have your browser display something _which_could_give_them_root_access_.

    This is a problem with how Nvidia accelerates rendering of text. This is a very very serious problem.

    This bug has been around for years now. First reported in 2004 it took nearly 2 years for Nvidia to aknowledge the problem, which was in July 2006 and they still haven't fixed it.

    To me this is headlines-style stuff.

  • #2
    There is more information on the security exploit over @ Kernel Trap

    The bug may be fixed in NVIDIA Beta 1.0-9625.
    Michael Larabel
    http://www.michaellarabel.com/

    Comment


    • #3
      For 1.0-8XXX series, the exploit can be fixed by throwing:

      Option "RenderAccel" "False"

      into the xorg.conf
      Michael Larabel
      http://www.michaellarabel.com/

      Comment


      • #4
        NVIDIA has released a statement on the matter:

        http://nvidia.custhelp.com/cgi-bin/n...p?p_faqid=1971

        The drivers at http://www.nvidia.com/object/unix.html now also contain a hotfix.
        Michael Larabel
        http://www.michaellarabel.com/

        Comment

        Working...
        X