Security Basics mailing list archives

NVidia nForce 680i weakness on ASUS P5-N32 E SLI


From: Vincent Duvernet (Nolmë Informatique) <Vincent.Duvernet () nolme com>
Date: Mon, 11 Feb 2008 19:09:36 +0100

Hi,

I found what looks like a big bug this weekend on my computer during an
FTP file transfer.

Here is my computer :
---------------------

ASUS P5 N32 E SLI + MSI 8600 GT
Intel Core 2 Duo E6850  + 4 GB DDR2
SATA DVDRW + HD (80 GB) + HD RAID 1 (2x160 GB)
Logitech MX 510 Mouse & G11 keyboard & webcam

OS : Windows XP Pro with dual boot with Mandriva 2008 (just for testing)
No software firewall, no antivirus, clean computer.

Software installed : many ;p but here’s a small list
MS Visual Studio Express (C#, SQL Server, Web)
MS Expression Web
MS Office 2007
Skype 3.6.0.244
MSN Live 8.5

Drivers :
Nforce 680i, French, WXP, 9.53
(http://www.nvidia.fr/object/nforce_680i_winxp32_intel_9.53_fr.html )
ForceWare 169.21 (http://www.nvidia.fr/object/winxp_169.21_whql_fr.html )


Here’s the bug :
----------------
Go to Nvidia control panel in tray bar
Go to connectivity tab
Activate FirstPacket (with DSL 384K for me)
Activate Hardware acceleration for TCP/IP networks

Launch Filezilla 3.0.6 (http://filezilla.sourceforge.net ) or FTP Free
Commander (http://www.internetsoftcorp.com/software-download.htm )

Upload a file to a remote server (sivit.fr in my case) with Filezilla 

Log :
Réponse :       230-You are user #12 of 220 simultaneous users allowed.
Réponse :       230-
Réponse :       230 Restricted user logged in.
Statut :        Connecté
Statut :        Commence l'envoi de Y:\SiteWeb\fabien.beaujard\v2\press.htm
Commande :      CWD /
Réponse :       250 "/" is new cwd.
Commande :      PWD
Réponse :       257 "/" is cwd.
Commande :      TYPE A
Réponse :       200 Type okay.
Commande :      PASV
Réponse :       227 Entering Passive Mode (194,146,224,98,221,173)
Commande :      STOR press.htm
Réponse :       150 Data connection accepted from 83.115.3.170:1128; transfer starting.
Réponse :       226 Transfer completed.

Here’s a link to the bad file :
www.fabeduc.com/press_bad.htm


Remove these 2 options in the Nvidia control panel, and then it works.
Strange thing, when using my VmWare Workstation virtual machine on this
computer, it works too (see : www.fabeduc.com/press_ok.htm)

Is this potentially a security hole ? Don't really know. I just know that
the network seems to work differently.

++

Vincent
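
Added example, not part of the original post: one way to confirm and localize the kind of corruption reported above is to fetch the uploaded file back and compare it with the local copy. Because the log shows `TYPE A`, line endings are normalized first so that legitimate ASCII-mode rewriting is not counted as damage. The function names and sample bytes are constructed for illustration.

```python
import hashlib
from difflib import SequenceMatcher


def normalize_eol(data: bytes) -> bytes:
    """Collapse CRLF and lone CR to LF; FTP ASCII mode may rewrite line endings."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def compare_transfer(local: bytes, remote: bytes, ascii_mode: bool = True) -> dict:
    """Compare the file that was sent with the copy fetched back from the server.

    Returns both digests plus the byte ranges that differ, so the damage can be
    localized instead of only detected.
    """
    if ascii_mode:
        local, remote = normalize_eol(local), normalize_eol(remote)
    damaged = []
    # autojunk=False: compare every byte, no popularity heuristics.
    # SequenceMatcher is quadratic in the worst case; fine for web pages.
    matcher = SequenceMatcher(None, local, remote, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            damaged.append({"kind": tag, "local": (i1, i2), "remote": (j1, j2)})
    return {
        "intact": not damaged,
        "local_sha256": hashlib.sha256(local).hexdigest(),
        "remote_sha256": hashlib.sha256(remote).hexdigest(),
        "damaged": damaged,
    }


# Constructed sample data (not the files linked in the post).
SAMPLE_LOCAL = b"<html>\r\n<body>\r\n<p>Press review</p>\r\n</body>\r\n</html>\r\n"
SAMPLE_REMOTE_OK = normalize_eol(SAMPLE_LOCAL)  # server stored LF endings
SAMPLE_REMOTE_BAD = SAMPLE_REMOTE_OK.replace(b"Press review", b"\x00" * 12)

if __name__ == "__main__":
    for name, remote in (("ok", SAMPLE_REMOTE_OK), ("bad", SAMPLE_REMOTE_BAD)):
        result = compare_transfer(SAMPLE_LOCAL, remote)
        print(name, "intact" if result["intact"] else result["damaged"])
```

Running the same comparison with the offload options on and off, and from the virtual machine, shows which path alters the bytes.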








