NVIDIA Graphics Driver Blob Root Exploit

A recent security advisory announced today by Rapid7 explains, “the NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is attached to this advisory.” The advisory goes on to note that the FreeBSD and Solaris binary drivers are also likely vulnerable and cautions, “it is our opinion that NVIDIA’s binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases.”

58 Comments

  1. 2006-10-16 10:40 pm
    • 2006-10-16 11:23 pm
      • 2006-10-17 2:21 am
    • 2006-10-17 12:05 am
  2. 2006-10-16 10:48 pm
    • 2006-10-16 10:56 pm
      • 2006-10-16 11:06 pm
        • 2006-10-17 12:02 am
      • 2006-10-17 4:43 am
      • 2006-10-17 3:39 pm
        • 2006-10-17 7:13 pm
    • 2006-10-16 11:03 pm
      • 2006-10-16 11:05 pm
    • 2006-10-17 12:32 am
      • 2006-10-17 12:42 am
      • 2006-10-17 2:47 am
      • 2006-10-17 2:49 am
        • 2006-10-17 3:32 am
          • 2006-10-17 1:44 pm
  3. 2006-10-16 11:03 pm
    • 2006-10-16 11:41 pm
      • 2006-10-17 7:12 am
        • 2006-10-17 12:17 pm
    • 2006-10-17 12:46 am
      • 2006-10-17 2:37 am
        • 2006-10-17 5:08 am
          • 2006-10-17 7:24 am
          • 2006-10-17 7:40 am
          • 2006-10-17 7:56 am
          • 2006-10-17 9:04 am
          • 2006-10-17 1:50 pm
      • 2006-10-17 6:02 am
        • 2006-10-17 6:19 am
          • 2006-10-17 9:01 am
      • 2006-10-17 10:27 pm
  4. 2006-10-16 11:12 pm
    • 2006-10-17 1:36 pm
  5. 2006-10-16 11:14 pm
    • 2006-10-17 5:57 am
  6. 2006-10-16 11:20 pm
  7. 2006-10-17 12:25 am
  8. 2006-10-17 12:28 am
    • 2006-10-17 7:52 am
  9. 2006-10-17 12:35 am
    • 2006-10-17 1:20 am
    • 2006-10-17 1:37 am
    • 2006-10-17 5:55 am
    • 2006-10-17 3:57 pm
  10. 2006-10-17 4:15 am
  11. 2006-10-17 7:29 am
    • 2006-10-17 7:55 am
  12. 2006-10-17 7:53 am
  13. 2006-10-17 8:14 am
    • 2006-10-17 7:18 am
  14. 2006-10-17 8:18 am
  15. 2006-10-17 11:11 am
  16. 2006-10-17 1:20 pm
  17. 2006-10-17 4:32 pm