Flaw in Nvidia's rendering software allows hijacking of "computer farms"
Posted on 12 December 2013.
A vulnerability in Nvidia mental ray, an extremely popular 3D-rendering software that is often used on "render farms", could allow attackers to take control of said farms, and use their massive computational power for their own nefarious purposes.

Render farms - groups of networked computers dedicated to rendering images for projects like computer-animated films - usually consist of hundreds and often thousands of processor cores, all grinding out animations that the master computer instructs them to work on.

Unfortunately, if they use NVIDIA mental ray version 3.11.1.10 or earlier, the vulnerability discovered by ReVuln researchers Luigi Auriemma and Donato Ferrante makes them open to attack.

Used both as a standalone product and embedded into popular content creation apps, NVIDIA mental ray runs as a system service and keeps a specific TCP port open (7520 in newer versions of the software), on which it waits for incoming connections.

It is to this port that attackers can send a specific malicious packet (included in the paper) and trigger the vulnerability, allowing them to load arbitrary DLLs on a victim system and thus take control of the entire rendering farm.
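As an added example (not from the article or the ReVuln paper), a defender could triage a farm inventory for nodes that run a version in the affected range and have the service port bound beyond loopback. The version bound and port come from the article; the host names, inventory layout and `netstat -an` style lines are constructed, and the port should be changed for older versions that listen elsewhere.

```python
import ipaddress
import re

LAST_AFFECTED = (3, 11, 1, 10)   # per the article: this version or earlier
SERVICE_PORT = 7520              # per the article: port used by newer versions
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", re.M)

def parse_version(text):
    # Compare numerically: as strings, "3.11.1.9" sorts after "3.11.1.10".
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(version_text):
    return parse_version(version_text) <= LAST_AFFECTED

def exposed_binds(netstat_text, port=SERVICE_PORT):
    """Return non-loopback addresses listening on the service port."""
    binds = []
    for addr, found_port in LISTEN_RE.findall(netstat_text):
        if int(found_port) != port:
            continue
        ip = ipaddress.ip_address(addr.strip("[]"))  # "[::]" -> "::"
        if not ip.is_loopback:
            binds.append(str(ip))
    return binds

def audit(inventory):
    """Map each host to a triage status. A version above the bound is only
    'not-in-affected-range': the article does not say any version is fixed."""
    report = {}
    for host, facts in inventory.items():
        if not is_affected(facts["version"]):
            report[host] = "not-in-affected-range"
        elif exposed_binds(facts["netstat"]):
            report[host] = "exposed"
        else:
            report[host] = "affected-local-only"
    return report

# Constructed sample data: hypothetical hosts, versions and netstat lines.
SAMPLE = {
    "render01": {"version": "3.11.1.10",
                 "netstat": "  TCP    0.0.0.0:7520    0.0.0.0:0    LISTENING\n"},
    "render02": {"version": "3.11.1.9",
                 "netstat": "  TCP    127.0.0.1:7520  0.0.0.0:0    LISTENING\n"},
    "render03": {"version": "3.12.0.1",
                 "netstat": "  TCP    [::]:7520       [::]:0       LISTENING\n"},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Nodes reported as `exposed` are the ones to firewall or isolate first, since the service accepts connections from the network.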


The farm can then be surreptitiously used to perform password hacking (brute-forcing) on a large scale, or even for Bitcoin mining.

The researchers pointed out that the vulnerability affects both the 32-bit and 64-bit versions of the software, but that there are other issues that need to be addressed as well. They also admitted that they haven't reported this vulnerability to the vendor, but haven't explained why.

Conversely, ReVuln is in the business of finding and selling vulnerability information to paying third parties.










COPYRIGHT 1998-2014 BY HELP NET SECURITY.