Board index
Alientrap.org
General Discussion

Buffer Overflow in NVIDIA Binary Graphics Driver For Linux

Post anything on anything here

Moderator: Moderators

Post a reply
Buffer Overflow in NVIDIA Binary Graphics Driver For Linux
Tue Oct 17, 2006 10:01 am
Tue Oct 17, 2006 12:17 pm

  • crap :evil:
    and there's no fix yet, apart from using the open 'nv' driver, which isn't accelerated...
    The road of excess leads to the palace of wisdom.
    - W.Blake
    User avatar
    Daedalus
    Alien trapper
     
    Posts: 311
    Joined: Tue Feb 28, 2006 9:29 pm
    Location: Interzone
    Top
Tue Oct 17, 2006 1:16 pm

  • I'd still use the driver since I'm not likely to get attacked. The whole network is stealthed.
    Laters losers.
    Ed
    Forum addon
     
    Posts: 1172
    Joined: Wed Mar 01, 2006 12:32 am
    Location: UK
    Top
Tue Oct 17, 2006 1:34 pm
Tue Oct 17, 2006 8:36 pm

  • As I can say from my experience, disabling RenderAccel isn't THAT harmful. Video and 3D acceleration are unaffected, RenderAccel only accelerates font display and without it, it still is fast enough for me.

    So as workaround, edit /etc/X11/xorg.conf and add to the "Device" section for the "nvidia" driver:

    Option "RenderAccel" "False"

    Then exit all applications and restart your X server (for example by zapping: Ctrl-Alt-Backspace) to make the change take effect.
    1. Open Notepad
    2. Paste: ÿþMSMSMS
    3. Save
    4. Open the file in Notepad again

    You can vary the number of "MS", so you can clearly see it's MS which is causing it.
    User avatar
    divVerent
    Site admin and keyboard killer
     
    Posts: 3809
    Joined: Thu Mar 02, 2006 4:46 pm
    Location: BRLOGENSHFEGLE
    Top
Tue Oct 17, 2006 8:40 pm

  • Ed wrote:I'd still use the driver since I'm not likely to get attacked. The whole network is stealthed.


    A possible exploit is an input field on a website, like the "Subject" field of this forum software. The attacker can make a website with a very long string in this input field.

    AFAIK an exploit for this is not in the wild yet, apart from POCs that "just" crash your X session.
    1. Open Notepad
    2. Paste: ÿþMSMSMS
    3. Save
    4. Open the file in Notepad again

    You can vary the number of "MS", so you can clearly see it's MS which is causing it.
    User avatar
    divVerent
    Site admin and keyboard killer
     
    Posts: 3809
    Joined: Thu Mar 02, 2006 4:46 pm
    Location: BRLOGENSHFEGLE
    Top
Wed Dec 06, 2006 1:56 pm

  • divVerent wrote:AFAIK an exploit for this is not in the wild yet, apart from POCs that "just" crash your X session.


    Oh me dark lord! :shock:

    I've actually been kicked in the head by this thing once. I was using an online translator (I can't seem to find the link at this moment but will probably post it here if I do) that usually worked very well. THAT time, when I clicked 'Submit', having no time to even try to load the new page, the X session was bye bye. Logged in again, tried it again... Bang!

    At that time I thought it was some wicked Firefox vulnerability (though it seemed weird because... still... it should take a lot to crash the session), but now it all became very clear. I'm going to edit my config and stuff, thanks guys :).

    P.S.: Please DO excuse me for resurrecting a rather old topic but I just needed to comment. :roll:
    User avatar
    BusterDBK
    Alien
     
    Posts: 195
    Joined: Mon May 01, 2006 8:07 pm
    Location: Bucharest, Romania
    Top
Expand view

Post a reply

Return to General Discussion




Information
  • Who is online
  • Users browsing this forum: No registered users and 1 guest

© DarkFX style created by Abhishek Srivastava