chrisG23 writes: Today during the CanSecWest http://cansecwest.com/ international conference in Vancouver, members Yves-Alexis Perez and Loic Duflot of ANSSI (French Network and Information Security Agency) described how an attacker could remotely take full control of a particular network card model. Once taken over (and no interaction with the host operating system was required whatsoever), the presenters demonstrated it was possible to enable the remote computer startup, shutdown, and restart commands disabled by default in the NIC firmware. Then the presenters demonstrated remote execution of code on the host computer, obtaining a root-level account with a single additional packet.
This particular exploit only works on one particular model of network card, but the implications are staggering as it is almost inevitable that more network cards and other computer devices that have their own registers, memory, processor and firmware, and a means to communicate independently of the host computer, can and will be exploited, again totally independent of the operating system of the host computer. The researchers have contacted the NIC vendor and a patch has been released. The actual exploit code and tools will not be released. Details and an FAQ can be found on the ANSSI website at http://www.ssi.gouv.fr/site_article185.html