A security flaw in the binary NVidia graphics drivers used by many Linux systems could allow an attacker to compromise, through a malicious Web page, any computer using the company's driver, security firm Rapid7 stated on Monday.
The NVidia Binary Graphics Driver for Linux remains vulnerable, the company said in an advisory. However, the flaw has been publicly reported and may have been known about as early as December 2004, prompting the company to report the issue publicly.
"As of the publication date, the latest NVidia binary driver is still vulnerable," the company stated. "Furthermore, it is our opinion that NVidia's binary driver remains an unacceptable security risk based on the large numbers of reproducible, unfixed crashes that have been reported in public forums and bug databases."
Security researchers and flaw finders have increasingly focused on seeking out vulnerabilities in the device drivers that power, for example, wireless networking hardware and graphics adapters. This summer, two researchers found multiple flaws in the wireless device drivers used by many laptops, including a controversial bug in a driver for Apple MacBooks. Some discussions have suggested a connection between the NVidia issue a crash bug in the X Window system that affected Ubuntu Linux users in August.
Rapid7 advised Linux users with NVidia graphics cards to revert from using the closed-source binary drivers to the open-source "nv" drivers, even though those drivers do not have the 3-D functionality of NVidia's software.
Posted by: Robert Lemos