10-17-2006, 08:49 AM
|
#1
|
Member
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119
Rep:
|
Nvidia binary driver exploit?!
Hi.
All comments and opinions about the latest - or, unfortunately, not so latest[1][2] - exploit of nVidia's binary drivers would be welcomed.
A proof-of-concept? Any real-world examples? Remote or local?
Security experts and others, please comment.
[1] http://kerneltrap.org/node/7228
[2] http://secunia.com/advisories/22419/
|
|
|
10-17-2006, 01:54 PM
|
#2
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
Quote:
Originally Posted by gloomy
Hi.
All comments and opinions about the latest - or, unfortunately, not so latest[1][2] - exploit of nVidia's binary drivers would be welcomed.
A proof-of-concept? Any real-world examples? Remote or local?
Security experts and others, please comment.
|
Not quite sure what you're asking.
There exists a security bug in nVidia's binary drivers, which allows for the possibility of a buffer overflow in data supplied to an affected X server by an X client.
Therefore, any X client capable of talking to the server can (intentionally or unintentionally) overflow the buffer.
The best outcome is that nothing happens. The most likely outcome is the crashing of X (sometime later on). The worst outcome is the execution of arbitrary code with root privileges.
The nature of a potential exploit depends on the nature of the potential victim. Who do you allow to connect to your X server (let's count)? Is it only users in a special group? If you intend to serve a network, you will have to count those in your total. Now all the users/groups on the list you've compiled have the potential to escalate their privileges, and should be treated as the potential pathways for an exploit to attack your computer. NOTE: the most likely scenario is that all programs connecting to your X server will have your privilege level (i.e., executed (knowingly or unknowingly) as `whoami`), and the only pathway a potential exploit can take is to trick you in one way or another.
There is a proof-of-concept exploit written by rapid7. It is just that: a proof that this software is vulnerable. This proof-of-concept doesn't do anything malicious, but could be modified to do so. AFAIK, there are no wild exploits circulating. BTW, the proof of concept works on x86 only when you are running with a 4-byte wordsize (i.e., only on a 32-bit x86 or x86_64 in 32-bit mode). This does not mean they are invulnerable, it just means that that particular code won't work. It is also likely that the Solaris and BSD counterparts to these drivers are also vulnerable. It is unverified that the new beta drivers released by nVidia in September fixed the bug.
|
|
|
10-17-2006, 09:46 PM
|
#3
|
Member
Registered: Jul 2006
Distribution: Ubuntu 11.10 (desktop), lubuntu 11.10 (netbook)
Posts: 73
Rep:
|
I read an article on ZDNet about this which quoted the creator of the exploit code as saying the vulnerability could be exploited by a malicious web site. If this is true, I would say this is a very significant flaw. I don't really need 3d video so I personally decided to go back to the open source driver at least until the flaw is patched.
|
|
|
10-17-2006, 11:22 PM
|
#4
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Quote:
Originally Posted by gloomy
A proof-of-concept? Any real-world examples? Remote or local?
|
The security advisory states both local and remote exploits are possible, including simply visiting a malicious website (ouch!). The advisory gives a link to POC source code.
I've not seen any updates.
|
|
|
10-18-2006, 12:30 AM
|
#5
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,909
|
Nvidia Driver 'root-exploit': workaround
Quote:
Nvidia Driver For Linux v8774 and v8762 are subject to a buffer overflow bug that creates a means for hackers to inject hostile code as root.
by default the nvidia drivers try to accelerate the XRender extension (used for AA fonts and other things) in hardware
: Option "RenderAccel" "false" can indeed work around the exploit
in : Section "Device" , in /etc/X11/xorg.conf
change
Code:
Option "RenderAccel" "0"
save, restart X
exploit only possible on pre-96xx-series drivers
thanks to Thunderbird for the fix
|
actually, it seems that anything before v9625 may be vulnerable:
http://www.nvnews.net/vbulletin/showthread.php?t=78322
and v9625 and v9626 (the latest version) are beta versions, supposedly buggy
|
|
|
10-18-2006, 12:07 PM
|
#6
|
HCL Maintainer
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450
Rep:
|
Quote:
Originally Posted by blackhole54
The security advisory states both local and remote exploits are possible, including simply visiting a malicious website (ouch!). The advisory gives a link to POC source code.
I've not seen any updates.
|
The exploit described by pointing your browser to a malicious webpage causes a Denial of Service, possibly crashing the X server. While this is very inconvenient, it is certainly not as bad as getting rooted through your browser. The latter might be possible, but most certainly is much harder to accomplish than e.g., somehow tricking the user to download and eventually execute an executable that takes advantage of said exploit. If anyone were to try (exploiting through the browser directly), one of the numerous plugins (especially closed binaries which are exactly the same on all linux computers that use the same plugin) would be the best (and probably easiest) delivery mechanism.
|
|
|
10-19-2006, 02:56 PM
|
#7
|
Member
Registered: May 2006
Location: Kansas City, MO
Distribution: Currently Mint
Posts: 651
Rep:
|
Proprietary nVidia drivers, Linux, and security
How safe are proprietary drivers in Linux? I just read an article suggesting that they are not very safe.
Take a look:
http://www.heise-security.co.uk/news/79623
How do I know if this applies to me, or my current nVidia graphics card?
Any thoughts?
Thanks!
|
|
|
10-19-2006, 04:54 PM
|
#8
|
Senior Member
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
|
This is a buffer overflow vulnerability. If security is a concern for you, you should consider a Linux distribution that considers security important. There are existing security facilities, like ExecShield and SELinux that make many vulnerabilities non-exploitable. Distributions that include these facilities (like Fedora Core) are, as a result, more secure. You have a choice of hundreds of Linux distributions, each with its own target audience. Just pick one that matches your concerns.
|
|
|
10-19-2006, 04:55 PM
|
#9
|
LQ Guru
Registered: Dec 2005
Location: Somewhere on the String
Distribution: Debian Wheezy (x86)
Posts: 6,094
|
As the article says, that's the problem with closed source. I would say if you don't need the 3D acceleration, use the nv drivers for most days. I keep two versions of xorg.conf around as backup (xorg.conf.nv and xorg.conf.nvidia). Then when I want to play 3D games, I copy over the nvidia one and restart X. When I'm done, I copy over the nv one and then restart X...
|
|
|
10-20-2006, 12:01 AM
|
#10
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
We already have a thread open regarding the nvidia binary driver exploit. I'm going to close this one, but feel free to continue discussion there:
http://www.linuxquestions.org/questi...d.php?t=493151
|
|
|
10-20-2006, 06:38 AM
|
#11
|
Moderator
Registered: May 2001
Posts: 29,415
|
//I merged two out of three threads on the subject since they both contain replies and stickied the thread for the time being.
Last edited by unSpawn; 10-20-2006 at 06:45 AM.
|
|
|
10-20-2006, 10:50 PM
|
#12
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,909
|
1.0-8776 for Linux x86 released
Release Highlights:
* Added hotfix for Rapid7 Advisory R7-0025. Please view this NVIDIA Knowledgebase article for more information on this hotfix and the affected drivers.
Looks like Nvidia finally fixed this, just download the new 8776 driver or newer.
|
|
|
10-22-2006, 02:31 PM
|
#13
|
Member
Registered: May 2006
Location: Kansas City, MO
Distribution: Currently Mint
Posts: 651
Rep:
|
How do you
Quote:
Originally Posted by craigevil
1.0-8776 for Linux x86 released
Release Highlights:
* Added hotfix for Rapid7 Advisory R7-0025. Please view this NVIDIA Knowledgebase article for more information on this hotfix and the affected drivers.
Looks like Nvidia finally fixed this, just download the new 8776 driver or newer.
|
Really n00b question: How do you "download" the fix you mentioned for the nVidia flaw? I wouldn't know how to do that in either Windows or Linux.
Please advise. I think I have: 128 mb GeForce FX 5200.
Thanks.
|
|
|
10-22-2006, 06:22 PM
|
#14
|
Senior Member
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,909
|
I have it easy running Kanotix. To install the new 8776 driver all I do is as root install-nvidia-debian.sh and it installs the newest driver.
Host/Kernel/OS "KanotixBox" running Linux 2.6.18-slh-up-2 i686 [ KANOTIX 2006 Easter ]
CPU Info AMD Duron 64 KB cache flags( - ) clocked at [ 1800.202 MHz ]
Videocard nVidia NV34 [GeForce FX 5500] X.Org 7.1.1 [ 1024x768 @75hz ]
Network cards Silicon Integrated Systems [SiS] SiS900 PCI Fast Ethernet, at port: e400
Processes 90 | Uptime 1day | Memory 622.574/629.402MB | HDD WDC WD800JB-00JJC0 Size 80GB (35%used) | GLX Renderer GeForce FX 5500/AGP/SSE/3DNOW! | GLX Version 2.0.2 NVIDIA 87.76 | Client Shell | Infobash v2.50
You can go to http://www.nvidia.com/object/linux_d..._1.0-8776.html to download it.
|
|
|
10-22-2006, 08:02 PM
|
#15
|
Member
Registered: May 2006
Location: Kansas City, MO
Distribution: Currently Mint
Posts: 651
Rep:
|
Thanks but how do I know if. . .
Quote:
Originally Posted by craigevil
I have it easy running Kanotix. To install the new 8776 driver all I do is as root install-nvidia-debian.sh and it installs the newest driver.
Host/Kernel/OS "KanotixBox" running Linux 2.6.18-slh-up-2 i686 [ KANOTIX 2006 Easter ]
CPU Info AMD Duron 64 KB cache flags( - ) clocked at [ 1800.202 MHz ]
Videocard nVidia NV34 [GeForce FX 5500] X.Org 7.1.1 [ 1024x768 @75hz ]
Network cards Silicon Integrated Systems [SiS] SiS900 PCI Fast Ethernet, at port: e400
Processes 90 | Uptime 1day | Memory 622.574/629.402MB | HDD WDC WD800JB-00JJC0 Size 80GB (35%used) | GLX Renderer GeForce FX 5500/AGP/SSE/3DNOW! | GLX Version 2.0.2 NVIDIA 87.76 | Client Shell | Infobash v2.50
You can go to http://www.nvidia.com/object/linux_d..._1.0-8776.html to download it.
|
craigevil:
Thanks but how do I know if:
a) the "flaw" impacts my specific nVidia card
b) the "fix" on your link would work for ALL recent nVidia cards (GeForce FX 5200 is mine) or just a select few?
Thanks!
|
|
|
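Added example, not part of any post in this thread: a shell sketch of the two checks the posts above describe for Rapid7 Advisory R7-0025, namely whether the driver version is at or past the 1.0-8776 hotfix and whether the `RenderAccel` workaround is set in the nvidia `Section "Device"` of xorg.conf. The function names, the accepted version spellings and the sample config are assumptions made for illustration; the 8776 threshold and the option name come from the posts.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Thresholds follow the posts: hotfix in 1.0-8776, workaround RenderAccel off.

# driver_status VERSION -> pre-hotfix | hotfix-or-newer | unknown
# Accepts "1.0-8774", "8774" or the GLX form "87.76" seen in the thread.
driver_status() {
    v=$(printf '%s' "${1#1.0-}" | tr -d '.')
    case $v in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$v" -ge 8776 ]; then echo hotfix-or-newer; else echo pre-hotfix; fi ;;
    esac
}

# render_accel_state XORG_CONF -> disabled | enabled | default | no-nvidia-device
# "default" means no RenderAccel option is set, so the driver accelerates XRender.
render_accel_state() {
    awk '
    { sub(/#.*/, ""); line = tolower($0) }
    line ~ /^[ \t]*section[ \t]+"device"/ { dev = 1; drv = ""; ra = "default"; next }
    dev && line ~ /^[ \t]*driver[ \t]+"/ { split(line, q, "\""); drv = q[2] }
    dev && line ~ /^[ \t]*option[ \t]+"renderaccel"/ {
        n = split(line, q, "\"")
        val = (n >= 4) ? q[4] : "true"      # a bare boolean option means true
        ra = (val ~ /^(0|off|false|no)$/) ? "disabled" : "enabled"
    }
    dev && line ~ /^[ \t]*endsection/ {
        if (drv == "nvidia") { seen = 1; if (ra != "disabled") worst = ra }
        dev = 0
    }
    END { print (!seen ? "no-nvidia-device" : (worst != "" ? worst : "disabled")) }
    ' "$1"
}

# assess VERSION XORG_CONF -> ok | mitigated | exposed | unknown
assess() {
    case "$(driver_status "$1")/$(render_accel_state "$2")" in
        */no-nvidia-device|hotfix-or-newer/*) echo ok ;;
        */disabled)                           echo mitigated ;;
        pre-hotfix/*)                         echo exposed ;;
        *)                                    echo unknown ;;
    esac
}

# Constructed sample config; on a real host pass /etc/X11/xorg.conf instead.
sample=$(mktemp)
printf 'Section "Device"\n  Driver "nvidia"\n  Option "RenderAccel" "0"\nEndSection\n' > "$sample"
echo "1.0-8774 with sample config: $(assess 1.0-8774 "$sample")"
rm -f "$sample"
```

The check keys on the driver version and the X configuration, not on the card model, because those are the only two criteria the posts give.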