October 17, 2006 3:16 PM PDT
Exploit code released for Nvidia flaw
The proof-of-concept code shows how an attacker could launch a buffer overflow and then commandeer the system, according to an advisory released Monday by security company Rapid7.
The critical flaws were found in Nvidia's Binary Graphics driver for Linux versions 8774 and 8762, and may also affect its Linux drivers for FreeBSD and Solaris, according to the advisory.
Rapid7, which discovered the flaws, said that the proprietary Linux drivers are vulnerable to a buffer overflow attack, should the user visit a malicious Web site. The attack could enable an outsider to remotely run arbitrary code on the system and write arbitrary data anywhere in its memory.
Nvidia, a major graphics chipmaker that develops both proprietary and open-source drivers, is currently working on a hotfix for the drivers and hopes to have one in place within the next few days, an Nvidia representative said.
As a result, he said the company is comfortable with the processes it has in place, despite the publication of the proof-of-concept exploit code. Rapid7 said it released the code last week to demonstrate that Nvidia's Linux driver vulnerabilities are a high security risk. It said that that risk has been present in the drivers for a couple of years.
"There have been multiple public reports of this Nvidia bug on the NVNews forum and elsewhere, dating back to 2004," Rapid7 said in its advisory. "In a public posting on the NVNews forum, an Nvidia employee reported having reproduced the problem, assigned it bug ID 239065, and promised a fix would be forthcoming."
Although Nvidia made its first public acknowledgement of the problem in July, the binary driver is still vulnerable, according to Rapid7's advisory.
"It is our opinion that Nvidia's binary driver remains an unacceptable security risk based on the larger numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases," Rapid7's advisory said.
Nvidia, however, contends it fixed the bug over the summer and it was unaware of the security flaws until contacted by Rapid7 on Monday.
8 comments
As Linux deployment grows, you fanboys on your high horses will realize that you are actually riding a mule.
I'd run, because there ain't enough asbestos for you, my friend. Logic doesn't fly around here, it just attracts the religious and brainless on both sides of the aisle.
See the inevitable comments below...
How do you remember to breathe?
If this was open source, the problem would have been identified a very long time ago by someone, and it wouldn't take months, but just a few hours to fix it.
I would call this an abuse of trust that needs consequences, not a major Linux problem since the problem isn't the kernel.
BTW newsreader, I kept my response to explain to you as short as possible to make it clear where the real problem lies, you never know when you have to reboot your Windows security nightmare again.
Or, as the story explains...
>> "It is our opinion that Nvidia's binary driver remains an unacceptable security risk..."
But, say... wasn't that, sort of, exactly... why so many OSS-supporters were so adamant about condemning the inclusion of such "closed-source code" into the core of the "Linux" ecosystem, just a little while ago..?
Of course... "NVIDIA" is trying to down-play the problem...
"NVIDIA" says they're.., "...comfortable with the processes it has in place, despite the publication of the proof-of-concept exploit code".
Nonetheless, ONLY "*nix" users running "closed-source binaries", for "NVIDIA" hardware... are at risk, in this instance. And, though, I really like "NVIDIA" products, and would hope that the "Linux" driver-model will be quickly reworked to address this type of, potential, issue... this clearly highlights one of the real-problems with allowing "black-box" modules in ANY computer-software environment...
...the end-user is at the mercy, whims, and goals, of whoever holds the actual keys to their system.
My conclusion:
"Closed-source" - GOOD for a few businesses (usually for the wrong reasons)... generally BAD for the consumer (for the PAINFULLY-OBVIOUS reasons).
Well... that's my opinion, anyway.
It looks like this problem may be fixed in the 9625 beta drivers, also.
In any case, this underscores why proprietary drivers (and software in general) are a very bad thing. The problem has been known about for quite some time yet users who are forced (some newer cards don't work with 'nv') to use the proprietary driver are helpless to solve the problem. Aside from buying another vendor's video card, that is. But there really aren't many good choices. ATI is no better and in many ways worse. And nvidia has some useful features like SLI.
Perhaps someone will take this as a chance to promote a Linux-friendly 3D video card which isn't proprietary. Rather than jumping up and down screaming "See I knew Linux was as bad as Windows" as an excuse for their not bothering to understand anything about non-Microsoft systems.