Linked by Thom Holwerda on Mon 16th Oct 2006 22:26 UTC, submitted by Johan M;son Lindman
A recent security advisory announced today by Rapid7 explains, "the NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is attached to this advisory." The advisory goes on to note that the FreeBSD and Solaris binary drivers are also likely vulnerable and cautions, "it is our opinion that NVIDIA's binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases."
Thread beginning with comment 172265
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:
2006-04-01
On the subject of the XIG drivers. As an owner and a long-time user of one of their packages, I feel I can comment that they are excellent drivers. The only thing that is a shame is that more recent and powerful hardware cards are not supported.
Through the efforts of the manufacturers, they have laregely been pushed out of the fully hardware accelerated chips and mostly focus on Intel integrated graphics solutions these days.
I own one of their Platinum packages for my old HP notebook and have been quite pleased. The performance is excellent (given the underlying chipset) and they are extremely reliable. However, if you demand incredible performance on a modern 3D design package, you will be out of luck with XIG as they simply no longer support recent 3D Labs, nVidia, or ATI hardware. It is really a shame.
I believe in their products and appreciate all the work it takes to develop their products.