Slashdot Mirror

← Back to Stories (view on slashdot.org)

Root Exploit For NVIDIA Closed-Source Linux Driver

Posted by ryuzaki0 on from the dangerous-blobs dept.

possible writes, "KernelTrap is reporting that the security research firm Rapid7 has published a working root exploit for a buffer overflow in NVIDIA's binary blob graphics driver for Linux. The NVIDIA drivers for FreeBSD and Solaris are also likely vulnerable. This will no doubt fuel the debate about whether binary blob drivers should be allowed in Linux." Rapid7's suggested action to mitigate this vulnerability: "Disable the binary blob driver and use the open-source 'nv' driver that is included by default with X."

6 of 548 comments (clear)

  1. Re:useless suggestion by Geekboy(Wizard) · · Score: 0, Troll

    how is it useless? you're being encouraged to use open source software for your drivers. you know, the version WITHOUT root exploits.

  2. Re:better suggestion by Sqwubbsy · · Score: 0, Troll

    Of course this now gives me some ammo against the Linux+nVidia fans I personally know. As Nelson Muntz would say: "Ha ha".

    So what are you? A Linux+ATI fan? w00t - you finally get to hit back. So now the nVidia folks know what it's like to run Linux without 3D support.

    Boy, you showed them, tough guy.

    --
    $30 Off All Plans: Use code TRIPLESAWBUCK
  3. Re:useless suggestion by AJWM · · Score: 0, Troll

    Nvidia is a closed-source company, but they make good products.

    With root-exploitable drivers. Must be some new meaning of the words "good products" with which we were previously unaware.

    Personally I don't touch NVidia graphics cards. My ATI-9250 based card (the last chip for which ATI released the specs) works just fine (including OpenGL support) with open source drivers.

    --
    -- Alastair
  4. There is no argument by QuantumG · · Score: 0, Troll

    if you used closed source drivers on a machine that you need to be secure, you're a dickhead.

    --
    How we know is more important than what we know.
  5. Re:useless suggestion by pak9rabid · · Score: 0, Troll

    I really wish all of the open-source Nazi's would get off Nvidia's nuts about open-sourcing thier video drivers. They're not going to and people should accept this. No amount of bitching and Stallmanism is going to change this. Financial interest > idealism from a for-profit company's point of view. I enjoy having 3D acceleration support under linux (which is my primary operating system), and I really don't want nvidia to stop supporting their hardware under Linux because of the open-source radicals out there. Please don't ruin this for everyone else; you guys are greatly outnumbered.

  6. Re:useless suggestion by suparjerk · · Score: 0, Troll

    Yeah, okay. Giving a computer a direct connection to the Internet is a bad idea and people who do that deserve what they get.

    On a similar note, maybe the next time you drive on the interstate, your car will manifest that it has a manufacturing defect and all your wheels will suddenly fall off. But whatever, you were driving on the interstate directly. You deserve what you get.

    --
    I caught the Mountain Wumpus! He gave me his treasure chest ($100) to let him go free again.