Re: Remote Root In Nvidia xserver Driver
On Wed, Oct 18, 2006 at 05:55:00AM +0400, Noah Meyerhans wrote:
> On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
> > > NB: although some are saying this is a local root exploit only, the
> > > bulletin points out it can be exploited by visiting a malicious
> > > webpage.
> > I've not scrutinised the claims closely, but it looks like a remote
> > vulnerability to me :-(
> The original(?) announcement of the vulnerability,
> http://download2.rapid7.com/r7-0025/ , states that the problem can be
> exploited as a DoS remotely via e.g. a specially crafted web page (an
> example of which they've graciously provided). However, as I read it,
> it sounds like you can only run arbitrary code if you are actually
> accessing the X server directly via a client. While this client can be
> local or remote, nobody is going to allow unauthenticated remote clients
> to access their X server, so this might not be so bad... Presumably
> this is because it's not practical or feasable to provide the actual
> shell code you want to jump to if you're only controlling an HTML
> document. If you're controlling the actual X client, it might be more
> reasonable. Of course, this may allow an attacker to leverage one of
> the many Firefox exploits to run code as root...
> Naturally, I could be wrong.
Stop using blobs like nvidia videodriver in debian.
Force them to go opensource!