A Bit About the NVIDIA Vulnerability

Published: 2013-01-06. Last Updated: 2013-01-06 15:33:54 UTC
by Kevin Liston (Version: 1)
5 comment(s)

Geoff writes in this morning asking for more eploration around the Nvidia vulnerability patch that was released yesterday. (http://www.securityweek.com/nvidia-releases-fix-dangerous-display-driver-exploit)

He writes: "Its really quiet if it is truly a vulnerability patch.  I don't see any reference to an exploit fix.  Maybe you can dig deeper and confirm?"

On December 25th, 2012, a security research released exploit code that leverages a buffer overflow vulnerability in versions prior to 310.90 of the GeForce Driver for a popular line of NVIDIA video cards.  This is a privilege escalation exploit that allows someone with low-level access to gain administrative-privileges on that system.

Since it requires access to the target system before it is effective, there isn't as much press about it as you might expect.  However, in our current world where uses can be expected to click on just about anything, gaining that access isn't as hard as some might expect or want.

It's been less than two weeks between the public release of the code and a patch, and there were a couple of holidays within those two weeks, so I'd give NVIDA points for their response time.  As for how serious I think it is?  I'm downloading the patch as I write this up.

-KL

Keywords: nvidia
5 comment(s)

Comments

Ok, so either you somehow manage to get on the system before trying to use this exploit or it's useless.

But well, if you've made it that far I guess there are far more vulnerabilities than just the graphics driver, which also won't be nvidia in many companies.

Update is still recommended of course, yet the nvidia server crashes to 0 kb/s after 1 sec of transferring. **** that :D
This begs the question if nVidia is going to be releasing an update for the 7 series and older cards which they have moved to legacy support...

http://www.anandtech.com/show/6408/nvidia-releases-31033-beta-drivers-geforce-6-7-series-moved-to-legacy-status
It's not that useless of an exploit, many companies have public use computers where a non employee would be given non administrative access. Also there is the possibility of a malicious employee using this in some way to load malicious software. And some users just like to click on everything they see...it's probably not a huge risk but should still be taken seriously.
The release notes clearly state that there is a security update in the 310.90 driver update. To quote "Adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)."
Had no problem downloading and installing the update. Thanks to ISC for the heads up on this issue.

Diary Archives