
Does NVIDIA Display Driver Service Make Your System Vulnerable?

Discussion in 'News' started by btarunr, Dec 26, 2012.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,553 (11.25/day)
    Thanks Received:
    13,644
    Location:
    Hyderabad, India
    An [ethical?] hacker going by the Twitter handle @peterwintrsmith discovered a gaping security hole in NVIDIA's display driver service that allows ordinary local and remote users to gain administrator privileges in Windows. Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "\pipe\nsvr," which has a null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged-in local and remote users (firewall permitting, and the remote admin has a local account) gain administrator rights to the system. In our opinion, the exploit is plausible, and could cut short winter breaks of a few in Santa Clara.


    Source: TechPowerUp Forums
     
    Last edited: Dec 26, 2012
    Ikaruga and Aquinus say thanks.
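
Added example (not part of the original post, and not NVIDIA's or the researcher's code): a defender-side audit that classifies named-pipe DACLs, separating a null DACL (no access checks, everyone gets full access) from an empty one (grants nothing) and from ACEs that give broad groups write access. It assumes the pipes' security descriptors have already been exported as SDDL strings and handles plain allow ACEs only; every descriptor string and every pipe name except `\pipe\nsvr` is constructed.

```python
import re

# SDDL aliases for trustees that include ordinary or unauthenticated users.
BROAD = {"WD": "Everyone", "AN": "Anonymous", "AU": "Authenticated Users",
         "BU": "Users", "NU": "Network"}
WRITE_CODES = {"GA", "GW", "FA", "FW", "WD", "WO"}  # two-letter SDDL rights
# GENERIC_ALL | GENERIC_WRITE | WRITE_OWNER | WRITE_DAC | FILE_WRITE_DATA
WRITE_MASK = 0x500C0002

def dacl_part(sddl):
    """Text after 'D:' up to the SACL, or None when no DACL is reported."""
    m = re.search(r"D:(.*?)(?=S:|$)", sddl)
    return m.group(1) if m else None

def grants_write(rights):
    """True if an ACE rights field (hex mask or letter codes) allows writing."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_MASK)
    return bool(set(re.findall("..", rights)) & WRITE_CODES)

def classify(sddl):
    """Return (status, broad trustees that hold write-level access)."""
    dacl = dacl_part(sddl)
    if dacl is None:
        return "unknown", []
    if "NO_ACCESS_CONTROL" in dacl:       # null DACL: no access checks at all
        return "null-dacl", ["Everyone"]
    aces = re.findall(r"\(([^)]*)\)", dacl)
    if not aces:                          # empty DACL: grants nothing
        return "empty-dacl", []
    hits = []
    for ace in aces:
        f = ace.split(";")                # type;flags;rights;obj;inherit;sid
        if len(f) >= 6 and f[0] == "A" and f[5] in BROAD and grants_write(f[2]):
            hits.append(BROAD[f[5]])
    return ("broad-write" if hits else "ok"), hits

def audit(descriptors):
    """Names of pipes whose DACL lets low-privileged callers write."""
    return sorted(n for n, s in descriptors.items()
                  if classify(s)[0] in ("null-dacl", "broad-write"))

# Constructed sample: only the \pipe\nsvr name comes from the post.
SAMPLE = {
    r"\pipe\nsvr": "O:SYG:SYD:NO_ACCESS_CONTROL",
    r"\pipe\example_locked": "O:SYG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)",
    r"\pipe\example_open": "O:SYG:SYD:(A;;GRGW;;;WD)(A;;FA;;;SY)",
    r"\pipe\example_empty": "O:BAG:BAD:",
}
```
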
  2. tacosRcool

    tacosRcool

    Joined:
    May 14, 2012
    Messages:
    860 (1.00/day)
    Thanks Received:
    71
    So that means they need to fix it!
     
  3. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    6,285 (6.50/day)
    Thanks Received:
    2,087
    Location:
    Concord, NH
    The question is how long has it been there and should nVidia have fixed it (and found it) before now. I think this is just another example of how drivers are never perfect and is another reason why people shouldn't bash AMD or nVidia for drivers that they've dumped a lot of time and effort into.
     
  4. PopcornMachine

    PopcornMachine

    Joined:
    Aug 17, 2009
    Messages:
    1,563 (0.84/day)
    Thanks Received:
    459
    Location:
    Los Angeles/Orange County CA
    Those darn buggy NVIDIA drivers! When are they going to fix them?


    Just kidding. It's a joke. Get it?
     
    hellrazor, KissSh0t and Aquinus say thanks.
  5. Jack1n

    Joined:
    Oct 8, 2012
    Messages:
    1,021 (1.43/day)
    Thanks Received:
    229
    Location:
    Central Israel
    Does not sound legit.
     
  6. 1c3d0g

    1c3d0g

    Joined:
    Dec 9, 2007
    Messages:
    697 (0.28/day)
    Thanks Received:
    59
    It might be plausible to exploit this, but come on:

    This alone tells me it would be extremely hard for a hacker to exploit this bug unless they've already infiltrated or otherwise compromised your network elsewhere. :ohwell:
     
  7. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    19,934 (6.18/day)
    Thanks Received:
    6,027
    So let me get this straight. For someone to exploit this vulnerability the following must be true:

    1. The attacker must know the username and password of an active local user account on the machine.
    2. The firewall has to allow traffic in through whatever port the service is listening on.

    You'd have to have a pretty shitty security setup already for this vulnerability to really affect you.
     
    Crunching for Team TPU 50 Million points folded for TPU
  8. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,882 (3.93/day)
    Thanks Received:
    11,633
    1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
    2) Get the current username via code (very easy)
    3) Run the exploit, BAM admin
    4) Do evil things(tm)
     
    Eagleye and Aquinus say thanks.
  9. TheMailMan78

    TheMailMan78 Big Member

    Joined:
    Jun 3, 2007
    Messages:
    21,004 (7.88/day)
    Thanks Received:
    7,548
    Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

    Torrents........that's a different story.
     
  10. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Joined:
    Oct 9, 2007
    Messages:
    28,553 (11.25/day)
    Thanks Received:
    13,644
    Location:
    Hyderabad, India
    Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.
     
  11. Absolution

    Absolution

    Joined:
    Apr 18, 2012
    Messages:
    273 (0.31/day)
    Thanks Received:
    37
    A few week(s) after AMD announces a patch, nvidia leak is found by an ethical hacker. Maybe this guy was the one who alerted AMD privately..

    AMD FANBOI

    :laugh:
     
  12. Ferrum Master

    Ferrum Master

    Joined:
    Nov 18, 2010
    Messages:
    622 (0.44/day)
    Thanks Received:
    143
    Location:
    Rīga
    The Red empire strikes back? Who said our cards stutter? At least our ones are not full of germs :laugh:
     
  13. KissSh0t

    KissSh0t New Member

    Joined:
    Feb 1, 2012
    Messages:
    114 (0.12/day)
    Thanks Received:
    28
    Location:
    Down Under
  14. Krneki New Member

    Joined:
    Dec 19, 2011
    Messages:
    23 (0.02/day)
    Thanks Received:
    0
    In 2012

    In this day and age someone is still running a Windows system without a firewall/router?

    In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).
     
  15. mediasorcerer New Member

    Joined:
    Sep 15, 2011
    Messages:
    979 (0.89/day)
    Thanks Received:
    225
    Location:
    coast ,melbourne
    Doesn't sound like that much of a worry.
     
  16. DanTheBanjoman Señor Moderator

    Joined:
    May 20, 2004
    Messages:
    10,553 (2.79/day)
    Thanks Received:
    1,383
    So basically... don't download gpu-z and other software from here until it's fixed.
     
  17. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    6,285 (6.50/day)
    Thanks Received:
    2,087
    Location:
    Concord, NH
    :roll: Hah! Dan has seen through your devious plan, W1z. :p
     
  18. Katanai

    Katanai

    Joined:
    Mar 15, 2008
    Messages:
    951 (0.40/day)
    Thanks Received:
    111
    Fear, uncertainty and doubt (FUD), is a tactic used in sales, marketing, public relations, politics and propaganda.

    FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

    The term originated to describe disinformation tactics in the computer hardware industry but has since been used more broadly.
     
  19. W1zzard

    W1zzard Administrator Staff Member

    Joined:
    May 14, 2004
    Messages:
    14,882 (3.93/day)
    Thanks Received:
    11,633
    There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.
     
    Steevo says thanks.
  20. Ferrum Master

    Ferrum Master

    Joined:
    Nov 18, 2010
    Messages:
    622 (0.44/day)
    Thanks Received:
    143
    Location:
    Rīga
    The problem is always figuring out how to make a safe profit :D
     
  21. Steevo

    Steevo

    Joined:
    Nov 4, 2005
    Messages:
    8,300 (2.56/day)
    Thanks Received:
    1,186
    Drive by downloads, or java exploit, need I say more.

    Wait

    And browser hijack redirects.


    I'm growing a beard™, so I am safe.
     
    10 Million points folded for TPU
  22. Fluffmeister

    Fluffmeister

    Joined:
    Dec 22, 2011
    Messages:
    663 (0.66/day)
    Thanks Received:
    189
    The exploit mainly affects "domain-based machine" with "relaxed firewall rules" and file sharing enabled.

    Oh noes!
     
  23. newconroer

    newconroer

    Joined:
    Jun 20, 2007
    Messages:
    3,090 (1.17/day)
    Thanks Received:
    312
    Don't you have that the other way around? What normal home network uses Windows firewall or any soft-firewall for that matter?
    And if a commercial network already has infiltration to the backdoor level *as is required for this to be an issue* then who cares, you're in trouble already.

    Sounds like this guy is turning a molehill into a mountain just to get some press.


    A) Hosts files
    B) Don't visit shady websites/open shady email attachments
    C) Take control/concern with your Active X and Java
    D) All remote registry services disabled (until the time of requirement/access needed)

    Statistically impossible for you to get a blown virus. About the worst you may encounter is a sneaky bit of malware that slipped in through browser controls and all it does is snoop or redirect you to paysites.
     
    Last edited: Dec 29, 2012
  24. Fluffmeister

    Fluffmeister

    Joined:
    Dec 22, 2011
    Messages:
    663 (0.66/day)
    Thanks Received:
    189
