Menu
Nvidia exploit could turn render farms into password crackers, bitcoin miners, researchers claim

Nvidia exploit could turn render farms into password crackers, bitcoin miners, researchers claim

A flaw in Nvidia Mental Ray software can be exploited to compromise server clusters used for 3D rendering, researchers from ReVuln said

Nvidia's Mental Ray high-performance 3D rendering software has a vulnerability that could be exploited to compromise clusters of specialized computers called render farms, according to researchers from ReVuln.

"There is a vulnerability affecting NVIDIA mental ray (raysat) version 3.11.1.10, which allows a malicious user to load arbitrary DLLs on a victim system, thus an attacker can take control over a whole render farm by simply injecting a malicious remote library," said Luigi Auriemma and Donato Ferrante, security researchers and founders of Malta-based vulnerability research ReVuln, Tuesday in a research paper.

The Nvidia Mental Ray can use CUDA-enabled consumer or professional GPUs like the Nvidia GeForce, Quadro, and Tesla models for parallel rendering. It's commonly used in the film industry for CGI (computer-generated imagery) effects, but also in industries that rely on computer-aided design (CAD).

Mental Ray is available as a stand-alone application for Windows, Mac and Linux that can be installed and used on dedicated render machines. However, it is also integrated into third-party software like Autodesk 3ds Max, Autodesk Maya, Cinema 4D and others.

A render farm's computing power varies depending on its size. Industrial Light & Magic, an American visual effects company, used a render farm with access to 5,700 processor cores when it worked on the Transformers 2 movie in 2009.

On Windows, Nvidia Mental Ray runs as a system service and listens for incoming connections on port 7520, the ReVuln researchers said. To exploit the vulnerability an attacker just needs to send a malicious packet to the affected systems from a compromised computer on the same network, they said.

Post-exploitation scenarios could include using compromised render farms for password cracking or mining bitcoins, since both tasks can be distributed across many GPUs, the researchers said.

An example of a malicious packet that triggers the vulnerability in the Mental Ray software was included in ReVuln's research paper, but the company did not report the issue to Nvidia. ReVuln discloses the vulnerabilities found by its researchers publicly or sells the information to third parties through a subscription-based vulnerability intelligence service.

Nvidia did not immediately respond to a request for comment.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityservershardware systemsnvidiaExploits / vulnerabilitiesReVuln

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments