The following says it all:
The NVIDIA Binary Graphics Driver for Linux is vulnerable to a
buffer overflow that allows an attacker to run arbitrary code as
root. This bug can be exploited both locally or remotely (via
a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this
advisory.
Yeah, so apparently we don't need Internet Explorer and Windows anymore to have malicious software silently installed on our computers - we just need NVIDIA's closed-source graphics driver. Update: Fortunately, the bug has been fixed in NVIDIA's 1.0-9625 beta driver. The thing is, you need Xorg 7.1 to run that, so everyone running Ubuntu 6.06/Dapper Drake is still vulnerable.
On that note - are there any analogous driver exploits in Windows like this? I didn't even think something like this was possible in Linux...
(Thanks Hubert...)
Posted in: