Security hole found in Nvidia driver service

Graphics drivers often get flak for compatibility issues and overzealous optimizations, but we rarely hear about security holes. There are exceptions for everything, though. Threatpost reports that a freshly discovered vulnerability in Nvidia’s Display Driver Service "could hand over administrator privileges on Windows machines to an attacker."

UK security researcher Peter Winter-Smith posted the exploit to Pastebin earlier this week. He wrote up the following explanation, as well:

Here is an interesting exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. . . . The buffer overflow occurs as a result of a bad memmove operation.

(Curious-minded readers can check the Pastebin posting for more details.)

Apparently, Winter-Smith didn’t tip Nvidia off before sharing the exploit publicly. That’s because, he says, "The risk from this particular flaw being exploited was (is) sufficiently low that I didn’t think it would warrant the wait." Quoting the researcher, Threatpost explains that the exploit mainly affects "domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.

Well, at least that part is reassuring, I guess. Here’s hoping Nvidia addresses the problem soon. In the meantime, keep your firewalls up!
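The point in the quoted explanation that matters for defenders is the NULL DACL: a named pipe with no DACL at all grants every caller, local or remote, full access, so the only things standing between the service and an arbitrary client are the firewall and file-sharing settings. As an added illustration (this is not code from the article, from Nvidia's driver, or from the researcher's posting), the Windows PowerShell snippet below shows the two sides of that: a function that connects to an existing pipe and reports whether it has a NULL DACL or grants broad identities (Everyone, Anonymous, Authenticated Users) access, and a function that creates a pipe server with an explicit least-privilege DACL instead. It assumes Windows PowerShell 5.1 on Windows (the .NET Framework `NamedPipeServerStream` overload that accepts a `PipeSecurity`); the pipe name `nsvr` is the one quoted above, while `example-svc` and both function names are invented for the example.

```powershell
# Added example, not code from the article, Nvidia, or the researcher's post.
# Assumes Windows PowerShell 5.1 (.NET Framework) running on Windows.
Add-Type -AssemblyName System.Core

# SIDs whose presence in an Allow entry means "any logged-on or remote caller".
$BroadSids = @{
    'S-1-1-0'  = 'Everyone'
    'S-1-5-7'  = 'Anonymous'
    'S-1-5-11' = 'Authenticated Users'
}

function Get-PipeDaclReport {
    # Connects to an existing pipe (read/write, which carries READ_CONTROL) and
    # summarises its DACL. A pipe with no DACL at all reports NullDacl = $true.
    # Connect() throws if the pipe does not exist or the caller is denied.
    param(
        [Parameter(Mandatory)][string]$PipeName,
        [string]$Server = '.'
    )
    $client = [System.IO.Pipes.NamedPipeClientStream]::new(
        $Server, $PipeName, [System.IO.Pipes.PipeDirection]::InOut)
    try {
        $client.Connect(2000)                      # 2 s timeout
        $sec = $client.GetAccessControl()
        # 'Access' selects only the DACL section; an empty string means there is none.
        $sddl = $sec.GetSecurityDescriptorSddlForm(
            [System.Security.AccessControl.AccessControlSections]::Access)
        $broad = foreach ($rule in $sec.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
                '{0}: {1}' -f $BroadSids[$sid], $rule.PipeAccessRights
            }
        }
        [pscustomobject]@{
            Pipe            = "\\$Server\pipe\$PipeName"
            NullDacl        = [string]::IsNullOrEmpty($sddl)
            BroadAllowRules = @($broad)
            Sddl            = $sddl
        }
    }
    finally { $client.Dispose() }
}

function New-LeastPrivilegePipeServer {
    # Creates one pipe instance with an explicit DACL: SYSTEM and local
    # Administrators get full control, interactive (console/RDP) users may only
    # read and write. Everyone / remote callers have no entry and are denied.
    param([Parameter(Mandatory)][string]$PipeName)
    $sec   = [System.IO.Pipes.PipeSecurity]::new()
    $full  = [System.IO.Pipes.PipeAccessRights]::FullControl
    $rw    = [System.IO.Pipes.PipeAccessRights]::ReadWrite
    $allow = [System.Security.AccessControl.AccessControlType]::Allow
    foreach ($entry in @(
        @{ Sid = [System.Security.Principal.WellKnownSidType]::LocalSystemSid;           Rights = $full },
        @{ Sid = [System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid; Rights = $full },
        @{ Sid = [System.Security.Principal.WellKnownSidType]::InteractiveSid;           Rights = $rw   }
    )) {
        $id = [System.Security.Principal.SecurityIdentifier]::new($entry.Sid, $null)
        $sec.AddAccessRule([System.IO.Pipes.PipeAccessRule]::new($id, $entry.Rights, $allow))
    }
    # This 8-argument overload (ending in PipeSecurity) exists in .NET Framework.
    [System.IO.Pipes.NamedPipeServerStream]::new(
        $PipeName, [System.IO.Pipes.PipeDirection]::InOut, 1,
        [System.IO.Pipes.PipeTransmissionMode]::Message,
        [System.IO.Pipes.PipeOptions]::None, 4096, 4096, $sec)
}

# Usage:
#   Get-PipeDaclReport -PipeName 'nsvr'                   # the service pipe named above
#   $srv = New-LeastPrivilegePipeServer -PipeName 'example-svc'
#   Get-PipeDaclReport -PipeName 'example-svc'            # NullDacl = $false, no broad rules
```

Run the audit as an ordinary user rather than an administrator: if `Connect()` succeeds and the report shows `NullDacl = $true` or an Allow entry for Everyone or Authenticated Users, then any account that can reach the pipe (including a remote domain account when file sharing is allowed through the firewall) can talk to the service, which is exactly the exposure the article describes. The hardened server shows the alternative: every principal that needs the pipe gets an explicit entry, and nobody else gets one.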

Comments closed
    • kathyes7309
    • 7 years ago
    • entropy13
    • 7 years ago

    I’ll be quoting someone from another site:
    [quote<]So let me get this straight. For someone to exploit this vulnerability the following must be true: 1. The attacker must know the username and password of an active local user account on the machine. 2. The firewall has to allow traffic in through whatever port the service is listening on. You'd have to have a pretty shitty security setup already for this vulnerability to really affect you. [/quote<] To be vulnerable to this Nvidia driver exploit, you'd have to make yourself vulnerable to almost anything else that can exploit vulnerabilities in everything in your PC, i.e. by the time that the hole in the drivers is 'exploitable' you're already at the point where you are also 'exploitable' at practically any other thing in your PC.

    • Arclight
    • 7 years ago

    Wait, weren’t they the greatest video driver makers in the multiverse?

    I keed, i keed, they can’t be perfect. But srsly they should get it fixed now that it’s a widely known exploit.

    • ronch
    • 7 years ago

    Security holes! Security holes everywhere!

    • odizzido
    • 7 years ago

    I always disable uncheck windows file and print sharing anyways

      • Arclight
      • 7 years ago

      Not at work, usually you don’t.

      • GTVic
      • 7 years ago

      Which dialog contains the “Disable uncheck windows file and print sharing” option? I’d really like to see that one?

        • MadManOriginal
        • 7 years ago

        It’s an advanced feature that only appears after you check the ‘Show options stated with horrible grammar’ box.

    • Chrispy_
    • 7 years ago

    [quote<]"domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.[/quote<] So just the sysadmin's laptop in the back room with all the rule exceptions for torrenting porn on the fat company fiber connection. I'd say "do these guys actually exist?" and "who torrents at work when they can get gigabytes in a few minutes at home", but I've heard the stories. Never underestimate how stupid people can be; no standard is too low.

      • Washer
      • 7 years ago

      Who torrents porn anymore?

      • hansmuff
      • 7 years ago

      “file sharing enabled” is not torrenting, has absolutely zero to do with it. But you’re right, never underestimate…

      • Laykun
      • 7 years ago

      I cannot say that I have not had this happen at work. But instead of a sysadmin it was security personnel. Security are the dodgiest guys in the business (basically a drop out cop).

    • tfp
    • 7 years ago

    This is why Nvidia’s drivers are so fast, the hole just lets the images flow through.

      • Arclight
      • 7 years ago

      Excellent trolling, a most wonderful selection of words. You Sir are a gentleman and a scholar.

        • lilbuddhaman
        • 7 years ago

        I remember way back when before the term “trolling” became so popular, that people would use any number of words to describe things on the internet. I really miss that day. “Flaming” was my favorite (no homo).

          • yogibbear
          • 7 years ago

          Stop being so entitled!

        • tfp
        • 7 years ago

        Well thank you.

      • derFunkenstein
      • 7 years ago

      I regret that I have but one + to give for this post.

      • Anvil
      • 7 years ago

      Well played good sir.
