Menu
Nvidia exploit could turn render farms into password crackers, bitcoin miners, researchers claim

Nvidia exploit could turn render farms into password crackers, bitcoin miners, researchers claim

A flaw in Nvidia Mental Ray software can be exploited to compromise server clusters used for 3D rendering, researchers from ReVuln said

Nvidia's Mental Ray high-performance 3D rendering software has a vulnerability that could be exploited to compromise clusters of specialized computers called render farms, according to researchers from ReVuln.

"There is a vulnerability affecting NVIDIA mental ray (raysat) version 3.11.1.10, which allows a malicious user to load arbitrary DLLs on a victim system, thus an attacker can take control over a whole render farm by simply injecting a malicious remote library," said Luigi Auriemma and Donato Ferrante, security researchers and founders of Malta-based vulnerability research ReVuln, Tuesday in a research paper.

The Nvidia Mental Ray can use CUDA-enabled consumer or professional GPUs like the Nvidia GeForce, Quadro, and Tesla models for parallel rendering. It's commonly used in the film industry for CGI (computer-generated imagery) effects, but also in industries that rely on computer-aided design (CAD).

Mental Ray is available as a stand-alone application for Windows, Mac and Linux that can be installed and used on dedicated render machines. However, it is also integrated into third-party software like Autodesk 3ds Max, Autodesk Maya, Cinema 4D and others.

A render farm's computing power varies depending on its size. Industrial Light & Magic, an American visual effects company, used a render farm with access to 5,700 processor cores when it worked on the Transformers 2 movie in 2009.

On Windows, Nvidia Mental Ray runs as a system service and listens for incoming connections on port 7520, the ReVuln researchers said. To exploit the vulnerability an attacker just needs to send a malicious packet to the affected systems from a compromised computer on the same network, they said.

Post-exploitation scenarios could include using compromised render farms for password cracking or mining bitcoins, since both tasks can be distributed across many GPUs, the researchers said.

An example of a malicious packet that triggers the vulnerability in the Mental Ray software was included in ReVuln's research paper, but the company did not report the issue to Nvidia. ReVuln discloses the vulnerabilities found by its researchers publicly or sells the information to third parties through a subscription-based vulnerability intelligence service.

Nvidia did not immediately respond to a request for comment.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags serversReVulnsecurityhardware systemsnvidiaExploits / vulnerabilities

Featured

Slideshows

Reseller News launches inaugural Hall of Fame lunch

Reseller News launches inaugural Hall of Fame lunch

Reseller News welcomed 2015 and 2016 inductees - Darryl Swann, Dave Rosenberg, Gary Bigwood, Keith Watson, Mike Hill and Scott Green - to the inaugural Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed how the channel can collectively work together to benefit New Zealand, the Kiwi skills shortage and the future of the industry. Photos by Maria Stefina.

Reseller News launches inaugural Hall of Fame lunch
Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Show Comments