Remote Root In Nvidia xserver Driver

To: debian-security@lists.debian.org
Subject: Remote Root In Nvidia xserver Driver
From: Nick Boyce <nick@glimmer.demon.co.uk>
Date: Wed, 18 Oct 2006 01:38:25 +0100
Message-id: <[🔎] 200610180138.25404.nick@glimmer.demon.co.uk>

Regarding the remote root hole in Nvidia's closed-source binary xserver driver 
announced today by Rapid7 :
  http://download2.rapid7.com/r7-0025/
and being discussed all over the place :
  http://it.slashdot.org/article.pl?sid=06/10/16/2038253
  http://kerneltrap.org/node/7228
it looks to me as though the hole is not present in the version of the driver 
packaged for Sarge (1.0.7174).  The Rapid7 bulletin asserts the hole is 
present in Linux driver versions 8762 and 8774 - and _probably_ earlier 
versions.

When I tried the PoC URL given at KernelTrap using a vanilla Sarge 
installation with the v7174 driver, KDE 3.3.2 and Konqueror my xserver did 
*not* crash - instead I saw this :

  An error occurred while loading http://nvidia.com/content/license/:

  Connection to host nvidia.com is broken.

Just for the sake of calm (my calm) can anyone else confirm this ?

NB: although some are saying this is a local root exploit only, the bulletin 
points out it can be exploited by visiting a malicious webpage.

Cheers
Nick Boyce
-- 
Will no one rid me of this troublesome chair ?

Reply to:

Follow-Ups:
- Re: Remote Root In Nvidia xserver Driver
  - From: paddy <paddy@panici.net>
- Re: Remote Root In Nvidia xserver Driver
  - From: "Sam Morris" <sam@robots.org.uk>

Prev by Date: Re: Is there a GUI client for nessus 3.0 running on Debian Sarge 3.1?
Next by Date: Re: Remote Root In Nvidia xserver Driver
Previous by thread: Re: Is there a GUI client for nessus 3.0 running on Debian Sarge 3.1?
Next by thread: Re: Remote Root In Nvidia xserver Driver
Index(es):
- Date
- Thread