Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
All comments and opinions about the latest - or, unfortunately, not so latest[1][2] - exploit of nVidia's binary drivers would be welcomed.
A proof-of-concept? Any real-world examples? Remote or local?
Security exports and others, please comment.
Not quite sure what you're asking.
There exists a security bug in nVidia's binary drivers, which allows for the possibility of a buffer overflow in data supplied to an affected X server by an X client.
Therefore, any X client capable of talking to the server can (intentionally or unintentionally) overflow the buffer.
The best outcome is that nothing happens. The most likely outcome is the crashing of X (sometime later on). The worst outcome is the execution of arbitrary code with root privileges.
The nature of a potential exploit depends on the nature of the potential victim. Who do you allow to connect to your X server (let's count)? Is it only users in a special group? If you intend to serve a network, you will have to count those in your total. Now all the users/groups on the list you've compiled have the potential to escalate their priviledges, and should be treated as the potential pathways for an exploit to attack your computer. NOTE: the most likely scenario is that all programs connecting to your X server will have your priviledge level (i.e., executed (knowingly or unknowingly) as `whoami`), and the only pathway a potential exploit can take is to trick you in one way or another.
There is a proof-of-concept exploit written by rapid7. It is just that: a proof that this software is vulnerable. This proof-of-concept doesn't do anything malicious, but could be modified to do so. AFAIK, there are no wild exploits circulating. BTW, the proof of concept works on x86 only when you are running with a 4-byte wordsize (i.e., only on a 32-bit x86 or x86_64 in 32-bit mode). This does not mean they are invulnerable, it just means that that particular code won't work. It is also likely that the Solaris and BSD counterparts to these drivers are also vulnerable. It is unverified that the new beta drivers released by nVidia in September fixed the bug.
I read an article on ZDNet about this which quoted the creator of the exploit code as saying the vulnerability could be exploited by a malicious web site. If this is true, I would say this is a very significant flaw. I don't really need 3d video so I personally decided to go back to the open source driver at least until the flaw is patched.
A proof-of-concept? Any real-world examples? Remote or local?
The security advisory states both local and remote exploits are possible, including simply visiting a malicious website (ouch!). The advisory gives a link to POC source code.
Nvidia Driver For Linux v8774 and v8762 are subject to a buffer overflow bug that creates a means for hackers to inject hostile code as root.
by default the nvidia drivers try to accelerate the XRender extension (used for AA fonts and other things) in hardware
: Option "RenderAccel" "false" can indeed work around the exploit
in : Section "Device" , in /etc/X11/xorg.conf
change
Code:
Option "RenderAccel" "0"
save, restart X
exploit only possible on pre-96xx-series drivers
thanks to Thunderbird for the fix
actually, it seems that anything before v9625 may be vulnerable:
The security advisory states both local and remote exploits are possible, including simply visiting a malicious website (ouch!). The advisory gives a link to POC source code.
I've not seen any updates.
The exploit described by pointing your browser to a malicious webpage causes a Denial of Service, possibly crashing the X server. While this is very inconvenient, it is certainly not as bad as getting rooted through your browser. The latter might be possible, but most certainly is much harder to accomplish than e.g., somehow tricking the user to download and eventually execute an executable that takes advantage of said exploit. If anyone were to try (exploiting through the browser directly), one of the numerous plugins (especially closed binaries which are exactly the same on all linux computers that use the same plugin) would be the best (and probably easiest) delivery mechanism.
This is a buffer overflow vulnerability. If security is a concern for you, you should consider a Linux distribution that considers security important. There are existing security facilities, like ExecShield and SELinux that make many vulnerabilities non-exploitable. Distributions that include these facilities (like Fedora Core) are, as a result, more secure. You have a choice of hundreds of Linux distributions, each with it's own target audience. Just pick one that matches your concerns.
As the article says, that's the problem with closed source. I would say if you don't need the 3D acceleration, use the nv drivers for most days. I keep two versions of xorg.conf around as backup (xorg.conf.nv and xorg.conf.nvidia). Then when I want to play 3D games, I copy over the nvidia one and restart X. When I'm done, I copy over the nv one and then restart X...
1.0-8776 for Linux x86 released
Release Highlights:
* Added hotfix for Rapid7 Advisory R7-0025. Please view this NVIDIA Knowledgebase article for more information on this hotfix and the affected drivers.
Looks like Nvidia finally fixed this, just download the new 8776 driver or newer.
1.0-8776 for Linux x86 released
Release Highlights:
* Added hotfix for Rapid7 Advisory R7-0025. Please view this NVIDIA Knowledgebase article for more information on this hotfix and the affected drivers.
Looks like Nvidia finally fixed this, just download the new 8776 driver or newer.
Really n00b question: How do you "download" the fix you mentioned for the nVidia flaw? I wouldn't know how to do that in either Windows or Linux.
Please advise. I think I have: 128 mb GeForce FX 5200.
a) the "flaw" impacts my specific nVidia card
b) the "fix" on your link would work for ALL recent nVidia cards (GeForce FX 5200 is mine) or just a select few?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Proprietary nVidia drivers, Linux, and security
How do you
