http://www.rapid7.com/advisories/R7-0025.jsp says " The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page). A working proof-of-concept root exploit is included with this advisory.
" There have been multiple public reports of this NVIDIA bug on the NVNews forum [1,2] and elsewhere, dating back to 2004 [3]. NVIDIA's first public acknowledgement of this bug was on July 7th, 2006. [...] " As of the publication date, the latest NVIDIA binary driver is still vulnerable. [...]" Time to drop the nvidia package from the mirrors? (and nearly 2 years for an ack of a remote root bug?!? Would you trust this in your OS?) Seen in http://www.hermann-uwe.de/blog/nvidia-binary-graphics-driver-root-exploit -- MJ Ray - see/vidu http://mjr.towers.org.uk/email.html Somerset, England. Work/Laborejo: http://www.ttllp.co.uk/ IRC/Jabber/SIP: on request/peteble _______________________________________________ gobolinux-devel mailing list gobolinux-devel@lists.gobolinux.org http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
