Regarding my post here on 18.Oct.2006:
http://lists.debian.org/debian-security/2006/10/msg00046.html
Nvidia has published a bulletin on this security hole :
http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
(dated 20th.Oct - sorry, only just found it)
Here are
* Henrique de Moraes Holschuh:
Do you always use xterm in secure keyboard mode to type in
passwords?
The secure keyboard mode does not do what you think it does. Recent
versions of the manpage have been updated accordingly (It cannot
ensure that there are no processes which have access to
Hi,
On Wed, Oct 18, 2006 at 12:02:28PM +0200, Izak Burger wrote:
On 10/18/06, Matvey Gladkikh [EMAIL PROTECTED] wrote:
Stop using blobs like nvidia videodriver in debian.
Force them to go opensource!
Can the opensource driver do proper acceleration yet?
No, but have a look at
On Wed, Oct 18, 2006 at 05:55:00AM +0400, Noah Meyerhans wrote:
On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
NB: although some are saying this is a local root exploit only, the
bulletin points out it can be exploited by visiting a malicious
webpage.
I've not scrutinised
On 10/18/06, Matvey Gladkikh [EMAIL PROTECTED] wrote:
Stop using blobs like nvidia videodriver in debian.
Force them to go opensource!
Can the opensource driver do proper acceleration yet?
On Wed, Oct 18, 2006 at 03:30:18AM +0100, paddy wrote:
On Tue, Oct 17, 2006 at 09:53:49PM -0400, Noah Meyerhans wrote:
On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
NB: although some are saying this is a local root exploit only, the
bulletin points out it can be exploited by
On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote:
However, as I read it,
it sounds like you can only run arbitrary code if you are actually
accessing the X server directly via a client. While this client can be
local or remote, nobody is going to allow unauthenticated remote clients
On Wed, Oct 18, 2006 at 10:42:05AM +, Sam Morris wrote:
On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote:
However, as I read it,
it sounds like you can only run arbitrary code if you are actually
accessing the X server directly via a client. While this client can be
local or
On Wed, 18 Oct 2006 11:48:18 +0100, Dominic Hargreaves wrote:
On Wed, Oct 18, 2006 at 10:42:05AM +, Sam Morris wrote:
On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote:
However, as I read it,
it sounds like you can only run arbitrary code if you are actually
accessing the X
On Wed, 18 Oct 2006, Sam Morris wrote:
sshing to a compromised machine with X forwarding enabled is already a
big enough problem without adding root exploits.
Don't ssh with X forwarding to an untrusted machine. Ever.
The point is that I may trust the machine, it may have been
Regarding the remote root hole in Nvidia's closed-source binary xserver driver
announced today by Rapid7 :
http://download2.rapid7.com/r7-0025/
and being discussed all over the place :
http://it.slashdot.org/article.pl?sid=06/10/16/2038253
http://kerneltrap.org/node/7228
it looks to me as
On Wed, Oct 18, 2006 at 01:38:25AM +0100, Nick Boyce wrote:
Just for the sake of calm (my calm) can anyone else confirm this ?
sorry, no not right now, although I do have a machine out there with this,
I just don't have access to it right now :-(
I do hope that you're right :-)
and thanks for
On Wed, 18 Oct 2006 01:38:25 +0100, Nick Boyce wrote:
Regarding the remote root hole in Nvidia's closed-source binary xserver
driver
announced today by Rapid7 :
http://download2.rapid7.com/r7-0025/
and being discussed all over the place :
On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
NB: although some are saying this is a local root exploit only, the
bulletin points out it can be exploited by visiting a malicious
webpage.
I've not scrutinised the claims closely, but it looks like a remote
vulnerability to me :-(
On Tue, Oct 17, 2006 at 09:53:49PM -0400, Noah Meyerhans wrote:
On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote:
NB: although some are saying this is a local root exploit only, the
bulletin points out it can be exploited by visiting a malicious
webpage.
I've not scrutinised