Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Exploit For NVIDIA Closed-Source Linux Driver

Posted by ryuzaki0 on Monday October 16, 2006 @09:18AM from the dangerous-blobs dept.

possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

3 of 548 comments (clear)

Min score:

Reason:

Sort:

Fixed weeks ago by Planeflux · 2006-10-16 09:42 · Score: 5, Informative

Apparently, the bug/exploit was fixed in the 9625 beta release. http://www.nzone.com/object/nzone_downloads_rel70b etadriver.html
Re:useless suggestion by JensenDied · 2006-10-16 09:43 · Score: 5, Informative

FTFA
NVIDIA released the 1.0-9625
Comment posted by Anonymous (not verified) on Monday, October 16, 2006 - 13:22

NVIDIA released the 1.0-9625 driver which fixes this bug last month: http://www.nzone.com/object/nzone_downloads_rel70b etadriver.html

Its a bit ironic how these Rapid7 guys are foaming at the mouth about NVIDIA's awareness of the issue when Rapid7 wasn't even aware that its been fixed for weeks now.

--
09:F9:11:02 - 9D:74:E3:5B - D8:41:56:C5 - 63:56:88:C0
Re:useless suggestion by cortana · 2006-10-16 10:03 · Score: 5, Informative

The drivers on that page are "BETA". Not released.

It is interesting that when someone holds back the disclosure of a vulnerability in Microsoft software they are praised for practicing "responsible disclosure", but when these Rapid7 people do the same they are accused of foaming at the mouth needlessly since a fixed driver is allegedly already released.