12 Dec 2013
A vulnerability in NVIDIA mental ray software may provide the perfect environment for brute-force password attacks, bitcoin mining and privilege escalation, according to a report from ReVuln.
Mental ray (raysat) version 220.127.116.11, which has been used for special effects in movies including the Hulk, The Matrix and Poseidon, can be used by an attacker to take control of a rendering farm, the report concludes.
After taking control of the rendering farm, the attacker can use the power of its GPU cards to crack passwords by brute force, run bitcoin miners and escalate privileges on any machine. Trying password combinations by brute force requires resources that a single machine cannot provide as well as a rendering farm can.
“As a side note, we noticed that the service spawns a new process for each new connection, which means that an attacker has potentially infinite chances to achieve a successful exploitation,” ReVuln security researchers Luigi Auriemma and Donato Ferrante said.
The vulnerability was discovered amid an increase in bitcoin miner malware.