Linked by Thom Holwerda on Mon 16th Oct 2006 22:26 UTC, submitted by Johan M;son Lindman
Privacy, Security, Encryption A recent security advisory announced today by Rapid7 explains, "the NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is attached to this advisory." The advisory goes on to note that the FreeBSD and Solaris binary drivers are also likely vulnerable and cautions, "it is our opinion that NVIDIA's binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases."
Thread beginning with comment 172261
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: First one...
by Moulinneuf on Tue 17th Oct 2006 00:32 UTC in reply to "First one..."
Moulinneuf
Member since:
2005-07-06

Nvidia website is nvidia.com ,

** Beta driver ** , that dont fix the August version on the official main site ...

"nVidia is the only option for Accelerated High Performance Consumer 3D Graphics under operating systems such as Solaris. "

http://www.xig.com/Pages/Summit/OSsupport.html#Solaris32anchor

"Quite frankly, they could name an exploit every day and I still wouldn't care. "

I wonder where they get the idea that employee are the #1 security risk , with people like you ... ( really cynical here ).

" I have no choice in hardware..."

Driver is hardware now ...

Reply Parent Score: -5

RE[2]: First one...
by lfeagan on Tue 17th Oct 2006 00:42 in reply to "RE: First one..."
lfeagan Member since:
2006-04-01

On the subject of the XIG drivers. As an owner and a long-time user of one of their packages, I feel I can comment that they are excellent drivers. The only thing that is a shame is that more recent and powerful hardware cards are not supported.

Through the efforts of the manufacturers, they have laregely been pushed out of the fully hardware accelerated chips and mostly focus on Intel integrated graphics solutions these days.

I own one of their Platinum packages for my old HP notebook and have been quite pleased. The performance is excellent (given the underlying chipset) and they are extremely reliable. However, if you demand incredible performance on a modern 3D design package, you will be out of luck with XIG as they simply no longer support recent 3D Labs, nVidia, or ATI hardware. It is really a shame.

I believe in their products and appreciate all the work it takes to develop their products.

Reply Parent Score: 1

RE[3]: First one...
by binarycrusader on Tue 17th Oct 2006 02:47 in reply to "RE: First one..."
binarycrusader Member since:
2005-07-06

The only thing that is a shame is that more recent and powerful hardware cards are not supported.

Which is my primary problem and why I qualified my statement with "High Performance". XiG is not an option.

Reply Parent Score: 1

RE[2]: First one...
by binarycrusader on Tue 17th Oct 2006 02:49 in reply to "RE: First one..."
binarycrusader Member since:
2005-07-06


http://www.xig.com/Pages/Summit/OSsupport.html#Solaris32anchor


nVidia is still the only option. XiG's support is only good for the older generation of video cards. I don't see SLI or anything like that on there either (maybe I'm missing it). Not only that, between choosing to pay for a driver and one for free, the choice is obvious in this case...

Besides, this whole conversation was about binary drivers, how is choosing *another* binary driver any better?

Reply Parent Score: 2

RE[3]: First one...
by Moulinneuf on Tue 17th Oct 2006 03:32 in reply to "RE[2]: First one..."
Moulinneuf Member since:
2005-07-06

"nVidia is still the only option."

Your not interested to pay for other options ...

"between choosing to pay for a driver and one for free"

The cost of a working secure and up to date driver is included in the sale price of the graphic card.

"how is choosing *another* binary driver any better?"

I was answering your no other option comment.

Reply Parent Score: 1