April 24, 2014

Details of vulnerability in the Nvidia Display Driver Service removed by author

nvidia-logo(LiveHacking.Com) –  Freelance computer security consultant Peter Winter-Smith has posted details of a vulnerability in the Nvidia Display Driver Service that if exploited would allow an attacker to escalate their privileges to Administrator on a Windows machines. However once posted, Peter decided to remove the information saying “it has caused some trouble for a few friends of mine and I didn’t intend for that to happen.”

According to Kaspersky Lab, who saw the details of the vulneravility before they were removed, the Nvidia Display Driver Service (Nvvsvc.exe) is vulnerable to a stack buffer overflow that bypasses the data execution prevention (DEP) and address space layout randomization (ASLR) mechanisms used by Windows since Vista.

“The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,” Winter-Smith wrote on Pastebin before removing his own post. “The buffer overflow occurs as a result of a bad memmove operation.”

It is thought that the vulnerability is difficult to exploit remotely because it only applies to domain-based machine with relaxed firewall rules. For a local attack where the attacker already has access to the machine the vulnerability is easier to exploit.

“In the local scenario in which an attacker attempts to gain increased privileges on a machine they already have access to, it would be very easy,” Winter-Smith said. “It’s not incredibly serious (compared to—say–a browser exploit). If it were going to put people at risk I’d not have released exploit code and I’d have informed the vendor and kept quiet until a fix were issued.”

However since he has now removed the details about the vulnerability it can be assumed that the problem is much severer than he first thought.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks