kanotix.com :: Thema anzeigen - Nvidia Driver 'root-exploit': workaround

kanotix.com

General Support - Nvidia Driver 'root-exploit': workaround

etorix - 17.10.2006, 09:24 Uhr
Titel: Nvidia Driver 'root-exploit': workaround

Nvidia Driver For Linux v8774 and v8762 are subject to a buffer overflow bug that creates a means for hackers to inject hostile code as root.
by default the nvidia drivers try to accelerate the XRender extension (used for AA fonts and other things) in hardware
: Option "RenderAccel" "false" can indeed work around the exploit
in : Section "Device" , in /etc/X11/xorg.conf
change

Code:

Option "RenderAccel" "0"

save, restart X

exploit only possible on pre-96xx-series drivers

thanks to Thunderbird for the fix

Swynndla - 17.10.2006, 23:31 Uhr
Titel: RE: Nvidia Driver

Thanks etorix

Ashton - 18.10.2006, 00:26 Uhr
Titel:

Zitat:

exploit only possible on pre-96xx-series drivers

Thanks for the info. How can we determine if our driver is one of those susceptible?

etorix - 18.10.2006, 03:25 Uhr
Titel:

Nvidia Driver For Linux v8774 and v8762 are subject to a buffer overflow bug

infobash -v3 , in a term, will show which driver youre on

jiro - 18.10.2006, 03:45 Uhr
Titel:

actually, it seems that anything before v9625 may be vulnerable:

http://www.nvnews.net/vbulletin/showthread.php?t=78322

and v9625 and v9626 (the latest version) are beta versions, supposedly buggy...

analogtek - 18.10.2006, 07:19 Uhr
Titel:

I did a upgrade to 1.0-9625..about 24 hr's ago. So far no vid lock's or strange stuff poping up...But I not gamer,, just do web and a little multi-media stuff..

DeepDayze - 18.10.2006, 14:17 Uhr
Titel:

9626 is out now...so far no issues with this version as well.

etorix - 19.10.2006, 00:30 Uhr
Titel:

this is a 'proof-of-concept' exploit , apparently only possible on 8774
never actually seen in-the-wild
but we like to take precautions, eh

eislon - 20.10.2006, 12:04 Uhr
Titel:

How serious is this bug?
How easy will hackers get into your machine? Ofcourse they need some kind of access to your linux system, so is it really that serious?

Kano - 20.10.2006, 12:18 Uhr
Titel:

Well just do:

update-scripts-kanotix.sh
install-nvidia-debian.sh -c

if you expericence problems use script without -c.

slh - 20.10.2006, 12:28 Uhr
Titel:

Browsing a website might be enough.

jiro - 20.10.2006, 14:58 Uhr
Titel:

nvidia just released a new, non-beta driver version, v8776, which is supposed to fix this bug. i installed that instead of the v9626 beta driver and it seems fine

craigevil - 20.10.2006, 18:40 Uhr
Titel:

What version of the driver is installed by using install-nvidia-debian.sh?

The_Seeker - 20.10.2006, 19:22 Uhr
Titel:

Zitat:

What version of the driver is installed by using install-nvidia-debian.sh?

I used the script about 30 minutes ago and it installed the latest driver, 8776.