PrntRhd Premium Member join:2004-11-03 Fairfield, CA
PrntRhd
Premium Member
2013-Jan-8 1:42 am
Nvidia driver exploit allows super user escalation
» arstechnica.com/security ··· ity-bug/
A new GeForce driver has been released that fixes the issue less than two weeks since the flaw came to light. |
|
norwegian Premium Member join:2005-02-15 Outback 1 edit |
Maybe someone can explain more:
The proof-of-concept code allows attackers to create a super-user account on vulnerable systems that is added to a network's Administrator group, according to SecurityWeek.
The update service for Nvidia now has a user Updatus User
» www.nvidia.com/object/nv ··· ate.html
» forums.geforce.com/defau ··· suser-/1
Is this exploit creating a new user or just changing the already placed user with higher permissions?
Edit: On second thoughts, it is a device driver after all. Permissions on the SOHO computer are already there, I've misunderstood the part of the super-user reference; that is relative to a hack over a network and an admin's computer controlling the network. Either way, this seems serious enough I've let the admins know... however if they do their job correctly, they would be receiving emails or newsletters relative to this one I would think. |
|
|
CovMac Premium Member join:2000-11-06 Covington, LA |
to PrntRhd
Got it. Thanks! |
|
psloss Premium Member join:2002-02-24 |
to norwegian
said by norwegian:
Maybe someone can explain more:
The proof-of-concept code allows attackers to create a super-user account on vulnerable systems that is added to a network's Administrator group, according to SecurityWeek.
The update service for Nvidia now has a user Updatus User
» www.nvidia.com/object/nv ··· ate.html
» forums.geforce.com/defau ··· suser-/1
Is this exploit creating a new user or just changing the already placed user with higher permissions?

The proof of concept creates a new local account and adds it to the local Admins group (RID = 544); however, that's only one thing an attacker could do. The exploit exposes SYSTEM-level local privileges, which is probably what they mean by super-user (SYSTEM = S-1-5-18, analogous to 'root'). The SecurityWeek story quotes two of the ingredients: 1) service running as SYSTEM (kind of a default) and 2) service has a pipe open with a NULL DACL. Variations on this theme are still out there; as the story notes, this is a bigger threat in enterprise environments, given that elsewhere there's predominantly no need to elevate privileges.

said by norwegian:
Maybe someone can explain more:
Edit: On second thoughts, it is a device driver after all. Permissions on the SOHO computer are already there, I've misunderstood the part of the super-user reference; that is relative to a hack over a network and an admin's computer controlling the network.

It's actually a service (user-mode) that communicates with the driver infrastructure, but that's neither here nor there. |
|
norwegian Premium Member join:2005-02-15 Outback |
said by psloss:
The proof of concept creates a new local account and adds it to the local Admins group (RID = 544); however, that's only one thing an attacker could do. The exploit exposes SYSTEM-level local privileges, which is probably what they mean by super-user (SYSTEM = S-1-5-18, analogous to 'root'). The SecurityWeek story quotes two of the ingredients: 1) service running as SYSTEM (kind of a default) and 2) service has a pipe open with a NULL DACL. Variations on this theme are still out there; as the story notes, this is a bigger threat in enterprise environments, given that elsewhere there's predominantly no need to elevate privileges.

This is quite interesting - what do Microsoft and its 3rd party vendors do in regards to driver security?
Null DACL:
» msdn.microsoft.com/en-us ··· 85).aspx
The presence of a null discretionary access-control list (DACL) in the nTSecurityDescriptor attribute of any object can create a serious security risk. A null DACL grants full access to any user that requests it; normal security checking is not performed with respect to the object. A null DACL should not be confused with an empty DACL. An empty DACL is a properly allocated and initialized DACL containing no access-control entries (ACEs). An empty DACL grants no access to the object it is assigned to. For more information, see Null DACLs and Empty DACLs.
How was that one missed? |
|
norwegian 1 edit |
to psloss
I found this link quite interesting too in regards to security group policy and Null DACLs.
» blogs.technet.com/b/askd ··· acl.aspx
The problem with security processing occurs when the file or folder residing in the targeted folder contains a null DACL. Explicitly, this file or folder does not have any permissions. So Windows cannot determine how to propagate inherited permissions to the object because the object itself does not actually have permissions.
Also this seems a good article: (English)
» edc.tversu.ru/elib/inf/0 ··· t-2.html |
|
psloss Premium Member join:2002-02-24 |
to norwegian
said by norwegian:
This is quite interesting - what do Microsoft and its 3rd party vendors do in regards to driver security?

It's not a driver security issue; this exploit can be accomplished from user mode without involving the drivers. (There's a slight disconnect with whoever wrote the SecurityWeek headline.) |
|
|
Regardless, Nvidia should release an update for all its graphics cards... not just ones it currently supports for security issues. People who have 7000 series graphics cards and older will continue to be vulnerable otherwise. |
|
La LunaFly With The Angels My Beloved Son Chris Premium Member join:2001-07-12 New Port Richey, FL |
to PrntRhd
How do I know if I need this? I don't see my GPU in the list, but I ran the tool anyway. It doesn't tell me if I need this update.
About Your GPU
GeForce GTX260m
Your device supports PhysX more > CUDA more >
Your device does not support DirectX 11 more > 3D Vision more > SLI more > Clock 500MHzMemory 1024MB |
|
phxuser join:2010-03-16 Scottsdale, AZ 1 edit |
The security issue is with the Nvidia update service.
Correction: Vulnerability is Display Driver Service NVSvc
From the Nvidia website: What is NVIDIA Update? NVIDIA Update keeps your PC up-to-date with the latest NVIDIA drivers by notifying you when a new driver is available and directing you to the driver on www.nvidia.com. Starting with R275 drivers, NVIDIA Update also provides automatic updates for game and program profiles, including SLI profiles.
Which products are supported by NVIDIA Update? NVIDIA Update provides notifications for GeForce and ION GPUs for both desktop and notebook PCs. Other NVIDIA GPUs are not supported at this time.
How do I get NVIDIA Update? When you install a Release 270 or later GeForce/ION driver from www.nvidia.com, you will be presented with the option to install NVIDIA Update. |
|
psloss Premium Member join:2002-02-24 |
psloss
Premium Member
2013-Jan-9 6:37 pm
said by phxuser:
The security issue is with the Nvidia update service.

That's a separate service (which also happens to NOT be running as SYSTEM). The display name of the service is "NVIDIA Driver Helper Service"; it's also referred to in the context of this story as "NVidia Display Driver Service". The service name itself is NVSvc. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to phxuser
nVidia Update Service doesn't work. It throws an error. Besides, why would anyone update nVidia driver when doing so trashes your color settings? |
|
Dustyn Premium Member join:2003-02-26 Ontario, CAN ·Carry Telecom ·TekSavvy Cable Asus GT-AX11000 Technicolor TC4400
Dustyn
Premium Member
2013-Jan-9 6:44 pm
said by Mele20:
nVidia Update Service doesn't work. It throws an error. Besides, why would anyone update nVidia driver when doing so trashes your color settings?

It trashes color settings? Are you saying it does this for everyone who updates nVidia drivers, or just yourself? |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to PrntRhd
In related news: AMD warns of security hole in its Catalyst Control Center. I have an older ATI GPU that doesn't have the Control Center. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
to Dustyn
I don't know if it happens to others or just me. I have 660 GTX card on Win 8 computer. The last nVidia driver update trashed my color settings. I was really surprised it did that. I used system restore to get back to the earlier version. I didn't really need that driver update as it was to improve certain games that I don't have. It was not a security update. |
|
PrntRhd Premium Member join:2004-11-03 Fairfield, CA |
to Mele20
said by Mele20:
nVidia Update Service doesn't work. It throws an error. Besides, why would anyone update nVidia driver when doing so trashes your color settings?

I updated my driver on this PC and it made the rendering improve. "Your mileage may vary". |
|
norwegian Premium Member join:2005-02-15 Outback 1 edit |
to psloss
said by psloss:
said by norwegian:
This is quite interesting - what do Microsoft and its 3rd party vendors do in regards to driver security?
It's not a driver security issue; this exploit can be accomplished from user mode without involving the drivers. (There's a slight disconnect with whoever wrote the SecurityWeek headline.)

I should not have mentioned driver either, thank you for pointing that out and clarifying it for the discussion.

said by psloss:
That's a separate service (which also happens to NOT be running as SYSTEM). The display name of the service is "NVIDIA Driver Helper Service"; it's also referred to in the context of this story as "NVidia Display Driver Service". The service name itself is NVSvc.

I believe this service can be safely turned off without adverse effects. I've quite often set it to disabled in the past, however recently I've let it run. Windows 7 doesn't seem to gain as much as XP did with service disabling to help on resources, memory (cheaper) etc. |
|
BlitzenZeusBurnt Out Cynic Premium Member join:2000-01-13 |
to Mele20
You need to learn to use the little buttons on your monitor to change the color, and brightness. You do that once, and then you never have to calibrate the monitor again anytime soon. |
|
Mele20 Premium Member join:2001-06-05 Hilo, HI |
Mele20
Premium Member
2013-Jan-10 9:07 am
No, that does not work. My monitor cannot be calibrated for digital vibrance nor for nVidia color settings except within nVidia. You don't seem to know much about nVidia cards. This is my third one on different computers on this monitor that has about 28,000 hours on it. If nVidia cards they must have color settings done from nVidia controls. IF I used on board graphics I could not get decent color because on board graphics does not have digital vibrance setting. NOTHING achieves that using the monitor controls. I didn't say the new nVidia driver screwed with brightness, contrast, etc. Those are the settings that I would use the monitor's buttons for. If you rely on the monitor settings you have garbage colors... no vibrancy. The reds are really off and most greens, but most men are color blind for green and red so they can't see the great differences and, thus, dismiss digital vibrance because of their genetic shortcoming.
Of course, without nVIEW nVidia card is not worth much anyway and there is no way to properly calibrate and have nVidia save all my Desktops without nView, I had no idea that now only professional nVidia cards are worth a damn. There was zero point in my waiting for six months for Dell to finally offer decent nVidia card for this computer. I could have simply gotten ATI 7870 and Windows 7. |
|
BlitzenZeusBurnt Out Cynic Premium Member join:2000-01-13 |
All I hear is crying from you on this issue, and I knew you couldn't reply without mentioning nview again... |
|
ashrc4 Premium Member join:2009-02-06 australia 2 edits |
to PrntRhd
FYI: Disable Built-in Administrator Account (super user)
» www.howtogeek.com/howto/ ··· s-vista/
First you need to enable the "One time" super user acc. Set a password for it, then disable it. Helps protect against some physical access issues. |
|
|
to PrntRhd
So basically this is yet another case of "we don't understand ACLs", this time from nVidia, eh? And here I was, hoping this kind of stuff was... well, stuff of the decade past.
Okay, so, what can all those folks with ancient nVidia cards, who are mortally afraid of updating their drivers lest the whole shebang crash and burn, do about this? I've got some people I know who are still using stuff like the geforce 7900 or what not. So the flaw is in the NVSvc service? Can that be just disabled to prevent exploiting the vulnerability? I don't even have an nVidia card on any of my rigs, so I can't well test if those cards can live without that service. |
|
norwegian Premium Member join:2005-02-15 Outback |
Disabling the service is fine. As I've mentioned I used to do it as part of my cleanup of XP services.
|
|