Wednesday, December 26th 2012

Does NVIDIA Display Driver Service Make Your System Vulnerable?

An [ethical?] hacker going by the Twitter handle @peterwintrsmith discovered a gaping security hole in NVIDIA's display driver service that allows ordinary local and remote users to gain administrator privileges in Windows. Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "pipensvr," which has an null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged in local and remote users (firewall permitting, and the remote admin has a local account) to gain administrator rights to the system. In our opinion, the exploit is plausible, and could cut short winter breaks of a few in Santa Clara.

Source: TechPowerUp Forums
Add your own comment

23 Comments on Does NVIDIA Display Driver Service Make Your System Vulnerable?

#1
tacosRcool
So that means they need to fix it!
Posted on Reply
#2
Aquinus
Resident Wat-man
by: tacosRcool
So that means they need to fix it!
The question is how long has it been there and should nVidia have fixed it (and found it,) before now. I think this is just another example of how drivers are never perfect and is another reason why people shouldn't bash AMD or nVidia for drivers that they've dumped a lot of time and effort into.
Posted on Reply
#3
PopcornMachine
Those darn buggy NVIDIA drivers! When are they going to fix them?


Just kidding. It's a joke. Get it?
Posted on Reply
#4
Jack1n
Does not sound legit.
Posted on Reply
#5
1c3d0g
It might be plausible to exploit this, but come on:
...and the remote admin has a local account...
This alone tells me it would be extremely hard for a hacker to exploit this bug unless they've already infiltrated or otherwise compromised your network elsewhere. :ohwell:
Posted on Reply
#6
newtekie1
Semi-Retired Folder
So let me get this straight. For someone to exploit this vulnerability the following must be true:

  1. The attacker mush know the username and password of an active local user account on the machine.
  2. The firewall has to allow traffic in through whatever port the service is listening on.
You'd have to have a pretty shitty security setup already for this vulnerability to really affect you.
Posted on Reply
#7
W1zzard
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
Posted on Reply
#8
TheMailMan78
Big Member
by: W1zzard
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.
Posted on Reply
#9
btarunr
Editor & Senior Moderator
by: TheMailMan78
Number one would be the hard part I assume.
Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.
Posted on Reply
#10
Absolution
A few week(s) after AMD announces a patch, nvidia leak is found by an ethical hacker. Maybe this guy was the one who alerted AMD privately..

AMD FANBOI

by: btarunr
Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.
:laugh:
Posted on Reply
#11
Ferrum Master
The Red empire strikes back? Who said our cards stutter? At least our ones are not full of germs :laugh:
Posted on Reply
#13
Krneki
In 2012

In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).
Posted on Reply
#15
DanTheBanjoman
Señor Moderator
by: W1zzard
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
So basically... don't download gpu-z and other software form here until it's fixed.
Posted on Reply
#16
Aquinus
Resident Wat-man
by: DanTheBanjoman
So basically... don't download gpu-z and other software form here until it's fixed.
:roll: Hah! Dan has seen through your devious plan, W1z. :p
Posted on Reply
#17
Katanai
Fear, uncertainty and doubt (FUD), is a tactic used in sales, marketing, public relations, politics and propaganda.

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

The term originated to describe disinformation tactics in the computer hardware industry but has since been used more broadly.
Posted on Reply
#18
W1zzard
There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.
Posted on Reply
#19
Ferrum Master
by: W1zzard
There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.
The problem is always figuring out how to make a safe profit :D
Posted on Reply
#20
Steevo
by: TheMailMan78
Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.
Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.
Posted on Reply
#21
Fluffmeister
The exploit mainly affects "domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.

Oh noes!
Posted on Reply
#22
newconroer
by: Krneki
In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).
Don't you have that the other way around? What normal home network uses Windows firewall or any soft-firewall for that matter?
And if a commercial network already has infiltration to the backdoor level *as is required for this to be an issue* then who cares, you're in trouble already.

Sounds like this guy is turning a molehill into a mountain just to get some press.

by: Steevo
Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.
A) Hosts files
B) Don't visit shady websites/open shady email attachments
C) Take control/concern with your Active X and Java
D) All remote registry services disabled (until the time of requirement/access needed)

Statistically impossible for you to get a blown virus. About the worst you may encounter is a sneaky bit of malware that slipped in through browser controls and all it does is snoop or redirect you to paysites.
Posted on Reply
Add your own comment