It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Nvidia Display Driver Service is insecure Nvidia Display Driver Service is insecure
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


Nvidia Display Driver Service is insecure
Reply
 
Thread Tools
Old 31st December 2012, 10:16   #1
[M] Reviewer
 
Stefan Mileschin's Avatar
 
Join Date: May 2010
Location: Romania
Posts: 44,791
Stefan Mileschin Freshly Registered
Default Nvidia Display Driver Service is insecure

An insecurity expert has found a vulnerability in the Nvidia Display Driver Service that could give administrator privileges on Windows machines to hacker .

Peter Winter-Smith, formerly with NGS Software of the UK, posted details of the vulnerability to Pastebin.

He claimed that the service is vulnerable to a stack buffer overflow that bypasses data execution prevention (DEP) and address space layout randomisation (ASLR).

The hole applies to every Windows operating system since Windows Vista.

He said that the service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context should be able to exploit this vulnerability.

Winter-Smith wrote that the buffer overflow occurs as a result of a bad memmove operation.

Fortunately for Nvidia the vulnerability is difficult to exploit because it mostly affects a domain-based machine, where there are relaxed firewall rules and filesharing is switched on. This is like a network manager having their server set to "please hack my server, I have no interest in staying in the industry".

But if they were daft enough, there are a few servers out there which have settings more liberal than Finland.

Winter-Smith said he wanted to share the exploit in a timely fashion, rather than report it, but said that the risk from this particular flaw being exploited was is sufficiently low that he didn't think it would warrant the wait.

Curiously when we went and had a look at the Pastebin entry this morning, Winter-Smith had pulled the post. He said that it had "caused a few of his friends a few problems". It is not clear who the friends were, or if Nvidia had been having a quite word with him, his friends, or he had woken up with a decapitated press release in his bed.

http://news.techeye.net/security/nvi...ce-is-insecure
Stefan Mileschin is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Java is Insecure and Awful, It’s Time to Disable It, and Here’s How jmke WebNews 0 29th August 2012 08:00
NVIDIA Releases 296.10 GeForce Driver, Introduces Windows 8 Driver Support Stefan Mileschin WebNews 0 14th March 2012 07:59
Display driver nvlddmkm stopped responding and has successfully recovered Kougar Hardware Overclocking and Case Modding 31 18th May 2010 02:23
ATI Catalyst™ 9.10 Display Driver for Windows Gamer WebNews 1 22nd October 2009 22:05
Insecure routing redirects YouTube to Pakistan jmke WebNews 0 25th February 2008 17:29
Nvidia Driver Analysis Sidney WebNews 0 15th August 2005 22:39
nVidia Detonator driver? Kerry Hardware/Software Problems, Bugs 5 30th July 2004 23:47

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 01:14.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO