[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Remote Root In Nvidia xserver Driver

On Tue, Oct 17, 2006 at 09:53:49PM -0400, Noah Meyerhans wrote:
> On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
> > > NB: although some are saying this is a local root exploit only, the
> > > bulletin points out it can be exploited by visiting a malicious
> > > webpage.
> > 
> > I've not scrutinised the claims closely, but it looks like a remote
> > vulnerability to me :-(
> 
> The original(?) announcement of the vulnerability,
> http://download2.rapid7.com/r7-0025/ , states that the problem can be
> exploited as a DoS remotely via e.g. a specially crafted web page (an
> example of which they've graciously provided).  However, as I read it,
> it sounds like you can only run arbitrary code if you are actually
> accessing the X server directly via a client.  While this client can be
> local or remote, nobody is going to allow unauthenticated remote clients
> to access their X server, so this might not be so bad...  Presumably
> this is because it's not practical or feasable to provide the actual
> shell code you want to jump to if you're only controlling an HTML
> document.  If you're controlling the actual X client, it might be more
> reasonable.  Of course, this may allow an attacker to leverage one of
> the many Firefox exploits to run code as root...
> 
> Naturally, I could be wrong.

I read the advisory as describing a potential remote root exploit.

Naturally, I too could be wrong :-)

Regards, 
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall
Reply to: