You Are Here: Home » Industry News » Flaw in Nvidia Driver Allows for Remote Injection of Unwanted Super-User

Flaw in Nvidia Driver Allows for Remote Injection of Unwanted Super-User

A stack buffer overflow in the NVIDIA Display Driver Service may be exploited to add a new user on your computer despite the security checks implemented at the operating system level. According to security researcher Peter Winter-Smith, the flaw can be exploited by any logged on user or remote user in a domain context (i.e. a user on a corporate network).

The entire process is documented in the proof-of-concept code released along with the announcement.

The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,” wrote Winter-Smith.

While it may be true that the exploit requires the attacker to have a valid account on a computer or on a corporate network, access to a machine can be achieved by phishing a corporate user, for instance. From then on, the attacker can escalate its privileges to access mission-critical machines that run the vulnerable driver.

This is not an isolated incident for Nvidia. Earlier in August, the closed-source Nvidia driver for Linux was found to be vulnerable to a bug that granted root access to any limited user on the machine.

About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Number of Entries : 334

Leave a Comment

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top