Nvidia Linux driver: Closed source makes open source unsafe [Update]
The proprietary, closed source binary driver from Nvidia has torn open a security hole in Linux through which ill-intentioned individuals can plant arbitrary program code and then execute it with root rights. A security advisory from Rapid7 links to a proof-of-concept exploit demonstrating the security hole. Websites could, for example, also exploit the hole by integrating manipulated web fonts, Rapid7 reports.
Trials run by heise Security on a test computer found that the exploit crashed the X Window System rather than yielding a root shell. According to the exploit code, this happens when the program cannot find the correct address at which to write its shellcode.
Nvidia's binary Linux drivers in versions v8774 and v8762 are affected. The drivers for FreeBSD and Solaris, as well as older Linux versions, potentially contain the same flaw. Nvidia has not yet released an update to close the hole. Until an updated driver is released, affected users should specify the open source nv driver in their X11 configuration instead of the flawed Nvidia driver.
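The workaround above amounts to one line in the Device section of the X server configuration. The following added example (not from the article, Rapid7 or Nvidia) shows a constructed xorg.conf excerpt with the affected setting, a function that reports which driver a Device section loads, and a function that rewrites `Driver "nvidia"` to `Driver "nv"` while leaving other sections alone. The path /etc/X11/xorg.conf in the commented-out workflow is the usual location, but it is an assumption; some systems of that era used /etc/X11/XF86Config instead.

```shell
#!/bin/sh
# Constructed xorg.conf excerpt (sample data, not taken from the article):
# a Device section that loads the proprietary "nvidia" module, plus an
# unrelated Module section that must survive the rewrite untouched.
SAMPLE_XORG_CONF='Section "Device"
    Identifier  "Videocard0"
    Driver      "nvidia"
    VendorName  "NVIDIA Corporation"
EndSection

Section "Module"
    Load  "glx"
EndSection'

# Print the driver name configured in each Device section of the given
# config text (one name per line). Only lines between Section "Device"
# and its EndSection are inspected.
configured_driver() {
    printf '%s\n' "$1" | sed -n \
        '/^Section "Device"/,/^EndSection/ s/^[[:space:]]*Driver[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Emit the config text with Driver "nvidia" replaced by the open source
# "nv" driver, restricted to Device sections so that nothing else changes.
switch_to_nv() {
    printf '%s\n' "$1" | sed \
        '/^Section "Device"/,/^EndSection/ s/^\([[:space:]]*Driver[[:space:]]*\)"nvidia"/\1"nv"/'
}

# Workflow against a live system (left commented out; assumed path, run as root):
# cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
# switch_to_nv "$(cat /etc/X11/xorg.conf)" > /etc/X11/xorg.conf.new
# configured_driver "$(cat /etc/X11/xorg.conf.new)"   # expect: nv
# mv /etc/X11/xorg.conf.new /etc/X11/xorg.conf && echo "restart X to apply"

# Stand-alone demonstration on the constructed sample.
echo "before: $(configured_driver "$SAMPLE_XORG_CONF")"
echo "after:  $(configured_driver "$(switch_to_nv "$SAMPLE_XORG_CONF")")"
```

The change only takes effect after the X server is restarted. The nv driver offers 2D support only, so 3D acceleration is lost until a fixed Nvidia driver is installed; keeping the backup makes it straightforward to switch back once an updated driver is available.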
Proprietary, closed source drivers have long been a thorn in the side of the Linux community. A year ago, the kernel developers even went so far as to discuss the feasibility of locking closed source drivers out of the kernel.
Update from 20.10.2006:
Since this story was first published, Nvidia has made new drivers available for download which include a hotfix for the vulnerability. The Linux distributors should also be able to ship updated packages soon.
- Buffer Overflow in NVIDIA Binary Graphics Driver For Linux, advisory from Rapid7
- Proof-of-concept exploit demonstrating the security hole