
Security hole found in Nvidia driver service

Graphics drivers often get flak for compatibility issues and overzealous optimizations, but we rarely hear about security holes. There are exceptions for everything, though. Threatpost reports that a freshly discovered vulnerability in Nvidia’s Display Driver Service "could hand over administrator privileges on Windows machines to an attacker."

UK security researcher Peter Winter-Smith posted the exploit to Pastebin earlier this week. He wrote up the following explanation, as well:

Here is an interesting exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. . . . The buffer overflow occurs as a result of a bad memmove operation.

(Curious-minded readers can check the Pastebin posting for more details.)
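The weak point in the researcher's description is the pipe's access control, not the service logic, and that is something an administrator can audit. The following PowerShell snippet is an added example, not code from the article or from the researcher's post: it opens a named pipe, reads its DACL, and flags entries that let Everyone, Authenticated Users or Anonymous write to it, which is also how a NULL DACL appears once .NET has parsed it. It assumes Windows PowerShell 5.1 (.NET Framework), a listening server instance for the pipe, and that the server accepts a duplex open (pass `-Direction In` or `Out` otherwise).

```powershell
# Added example, not from the article: report who may write to a named pipe.
# Assumes Windows PowerShell 5.1 (.NET Framework); runs as an ordinary user.
Add-Type -AssemblyName System.Core   # System.IO.Pipes lives here

function Get-NamedPipeAclReport {
    param(
        [Parameter(Mandatory)][string]$PipeName,                     # name only, no \\.\pipe\ prefix
        [System.IO.Pipes.PipeDirection]$Direction = 'InOut',          # must match what the server allows
        [int]$TimeoutMs = 1000
    )
    # The only way to reach an existing pipe instance is to connect to it; the open
    # carries READ_CONTROL, which is all GetAccessControl() needs. Note the connect
    # consumes one server instance, so audit with care on production services.
    $client = New-Object System.IO.Pipes.NamedPipeClientStream('.', $PipeName, $Direction)
    try {
        $client.Connect($TimeoutMs)
        $sec = $client.GetAccessControl()
    } catch {
        return [pscustomobject]@{ Pipe = $PipeName; Error = $_.Exception.Message }
    } finally {
        $client.Dispose()
    }

    # .NET materialises a NULL DACL as a single Everyone:GenericAll entry, so a missing
    # DACL and an explicit "Everyone full control" are caught by the same test.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-7'      # Everyone, Authenticated Users, Anonymous
    $writeBits = 0x2 -bor 0x10000000 -bor 0x40000000   # WriteData, GENERIC_ALL, GENERIC_WRITE
    $rules = $sec.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $broadWriters = @()
    foreach ($r in $rules) {
        $mask = [int]$r.PipeAccessRights
        if ($r.AccessControlType -eq 'Allow' -and
            $broadSids -contains $r.IdentityReference.Value -and
            ($mask -band $writeBits) -ne 0) {
            $broadWriters += $r.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        }
    }
    [pscustomobject]@{
        Pipe          = $PipeName
        Owner         = $sec.GetOwner([System.Security.Principal.NTAccount]).Value
        Sddl          = $sec.GetSecurityDescriptorSddlForm('Access')
        WorldWritable = $broadWriters.Count -gt 0
        BroadWriters  = $broadWriters -join ', '
    }
}

# Check the pipe named in the article, then sweep every pipe currently present on the host.
Get-NamedPipeAclReport -PipeName 'nsvr' | Format-List
[System.IO.Directory]::GetFiles('\\.\pipe\') |
    ForEach-Object { Get-NamedPipeAclReport -PipeName $_.Substring(9) } |   # strip "\\.\pipe\"
    Where-Object { $_.WorldWritable } | Format-Table Pipe, Owner, BroadWriters -AutoSize
```

A pipe that shows up as WorldWritable with Everyone or Authenticated Users is reachable by any local account and, where SMB is exposed, by any domain account, which is exactly the exposure the quoted explanation describes.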

Apparently, Winter-Smith didn’t tip Nvidia off before sharing the exploit publicly. That’s because, he says, "The risk from this particular flaw being exploited was (is) sufficiently low that I didn’t think it would warrant the wait." Quoting the researcher, Threatpost explains that the exploit mainly affects "domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.

Well, at least that part is reassuring, I guess. Here’s hoping Nvidia addresses the problem soon. In the meantime, keep your firewalls up!

Responses to “Security hole found in Nvidia driver service”

  1. I’ll be quoting someone from another site:
    [quote]So let me get this straight. For someone to exploit this vulnerability the following must be true: 1. The attacker must know the username and password of an active local user account on the machine. 2. The firewall has to allow traffic in through whatever port the service is listening on. You'd have to have a pretty shitty security setup already for this vulnerability to really affect you.[/quote] To be vulnerable to this Nvidia driver exploit, you'd have to make yourself vulnerable to almost anything else that can exploit vulnerabilities in everything in your PC, i.e. by the time that the hole in the drivers is 'exploitable' you're already at the point where you are also 'exploitable' at practically any other thing in your PC.

  2. I remember way back when, before the term “trolling” became so popular, that people would use any number of words to describe things on the internet. I really miss that day. “Flaming” was my favorite (no homo).

  3. It’s an advanced feature that only appears after you check the ‘Show options stated with horrible grammar’ box.

  4. Which dialog contains the “Disable uncheck windows file and print sharing” option? I’d really like to see that one?

  5. Excellent trolling, a most wonderful selection of words. You, Sir, are a gentleman and a scholar.

  6. Wait, weren’t they the greatest video driver makers in the multiverse?

    I keed, i keed, they can’t be perfect. But srsly they should get it fixed now that it’s a widely known exploit.

  7. I cannot say that I have not had this happen at work. But instead of a sysadmin it was security personnel. Security are the dodgiest guys in the business (basically a drop out cop).

  8. “file sharing enabled” is not torrenting, has absolutely zero to do with it. But you’re right, never underestimate…

  9. [quote]"domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.[/quote] So just the sysadmin's laptop in the back room with all the rule exceptions for torrenting porn on the fat company fiber connection. I'd say "do these guys actually exist?" and "who torrents at work when they can get gigabytes in a few minutes at home", but I've heard the stories. Never underestimate how stupid people can be; no standard is too low.