Re: Remote Root In Nvidia xserver Driver
On Tue, Oct 17, 2006 at 09:53:49PM -0400, Noah Meyerhans wrote:
> On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
> > > NB: although some are saying this is a local root exploit only, the
> > > bulletin points out it can be exploited by visiting a malicious
> > > webpage.
> >
> > I've not scrutinised the claims closely, but it looks like a remote
> > vulnerability to me :-(
>
> The original(?) announcement of the vulnerability,
> http://download2.rapid7.com/r7-0025/ , states that the problem can be
> exploited as a DoS remotely via e.g. a specially crafted web page (an
> example of which they've graciously provided). However, as I read it,
> it sounds like you can only run arbitrary code if you are actually
> accessing the X server directly via a client. While this client can be
> local or remote, nobody is going to allow unauthenticated remote clients
> to access their X server, so this might not be so bad... Presumably
> this is because it's not practical or feasable to provide the actual
> shell code you want to jump to if you're only controlling an HTML
> document. If you're controlling the actual X client, it might be more
> reasonable. Of course, this may allow an attacker to leverage one of
> the many Firefox exploits to run code as root...
>
> Naturally, I could be wrong.
I read the advisory as describing a potential remote root exploit.
Naturally, I too could be wrong :-)
Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall
Reply to: