Bug 212767 - Buffer Overflow in NVIDIA Binary Graphics Driver For Linux causes local (or remote?) root exploit
Buffer Overflow in NVIDIA Binary Graphics Driver For Linux causes local (or r...
Classification: openSUSE
Product: SUSE Linux 10.1
Classification: openSUSE
Component: Security
x86-64 SuSE Linux 10.1
: P1 - Urgent : Blocker (vote)
: ---
Assigned To: Security Team bot
E-mail List
Depends on:
  Show dependency treegraph
Reported: 2006-10-16 22:22 UTC by Martin Schröder
Modified: 2006-11-14 10:51 UTC (History)
1 user (show)

See Also:
Found By: Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Martin Schröder 2006-10-16 22:22:59 UTC

A recent security advisory announced today by Rapid7 explains, "the NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is attached to this advisory." The advisory goes on to note that the FreeBSD and Solaris binary drivers are also likely vulnerable to the same flaw and cautions, "it is our opinion that NVIDIA's binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases."

NVidia claims this is fixed in version 1.0-9625 (beta!) of their driver.
Comment 1 Marcus Meissner 2006-10-17 06:37:27 UTC
We are not shipping the nvidia driver, nvidia does it for us.

Please go and tell it to NVIDIA.

But thanks for the report!
Comment 2 Ludwig Nussel 2006-11-14 10:10:56 UTC
Comment 3 Marcus Meissner 2006-11-14 10:23:34 UTC
according to sndirsch the nvidia drivers installed by our YOU scripts in 
9.2, 9.3 and 10.0 are _not_ affected by this problem.

Only 10.1 / SLED 10 are.

These have problems with the KMP update process currently, which we will have to force a bit.