Claymore Dual GPU Miner 10.5 Format String

03 Feb 2018 00:00:00 | Reported by res1n | Type: packetstorm | Source: packetstormsecurity.com

A format string vulnerability in Claymore Dual GPU Miner <= 10.5 allows remote attackers to read memory addresses and terminate the mining process. It affects Claymore's Dual Miner.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Claymore Dual GPU Miner 10.5 Format String Vulnerability | 3 Feb 2018 00:00 | zdt |
| Circl | CVE-2018-6317 | 29 May 2018 15:50 | circl |
| CNVD | Claymore Dual Miner Denial of Service Vulnerability | 6 Feb 2018 00:00 | cnvd |
| CVE | CVE-2018-6317 | 2 Feb 2018 21:00 | cve |
| Cvelist | CVE-2018-6317 | 2 Feb 2018 21:00 | cvelist |
| NVD | CVE-2018-6317 | 2 Feb 2018 21:29 | nvd |
| Prion | Format string | 2 Feb 2018 21:29 | prion |

`  
Claymore Dual Gpu Miner <= 10.5 Format Strings Vulnerability  
=======================================================================  
  
product: Claymore's Dual Miner  
vulnerable version: <= 10.5  
fixed version: 10.6  
CVE number: - CVE-2018-6317  
impact: critical  
homepage: https://bitcointalk.org/index.php?topic=1433925.0  
found: 2018-01-26  
by: twitter.com/res1n  
  
=======================================================================  
  
  
Vulnerability overview/description:  
-----------------------------------  
Claymore's Dual GPU Miner 10.5 and below is vulnerable to a format   
strings vulnerability. This allows an unauthenticated remote attacker to   
read memory addresses, or immediately terminate the mining process   
causing a denial of service.  
  
1) By sending a custom request to the json api on port 3333 of the   
remote management service it's possible to leak stack addresses and   
possibly rewrite stack addresses with %p. I wasn't able to break out of   
the json padding but someone else may be able to as %s also dumps string   
contents.  
  
example - echo -e '{"id":1,"jsonrpc":"1.0","method":"%x %x %x %x"}' | nc   
192.168.1.139 3333 & printf "\n".  
  
2) Sending %n to the json api on port 3333 immediately kills the mining   
process.  
  
example - echo -e '{"id":1,"jsonrpc":"1.0","method":"%n"}' | nc   
192.168.1.139 3333 & printf "\n".  
  
Solution  
------------------------  
Upgrade to version 10.6  
  
  
Vendor contact timeline:  
------------------------  
01/26/18 - Reported to dev  
01/26/18 - Confirmed and immediately patched. 10.6 released request for   
3-4 day embargo  
01/31/18 - Public Disclosure  
  
Writeup -   
https://medium.com/secjuice/claymore-dual-gpu-miner-10-5-format-strings-vulnerability-916ab3d2db30  
  
  
`
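
The bug class behind both findings, shown from the fix side as an added example (not the miner's code, which the advisory does not include): untrusted request text must only ever be an argument to a constant format string, and the "method" field can be allow-listed before it is used. The function names, the allow-list rule and the `get_status` sample are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler for the "method" field of a JSON-RPC request.
 * The miner's real source is not on the page; all names are assumptions.
 *
 * Bug class (do not do this): untrusted text used as the format itself,
 *     snprintf(out, n, method);
 * so "%x"/"%p" print whatever sits in the variadic slots and "%n"
 * makes the formatter store through a pointer it never received. */

/* Allow-list: letters, digits and '_' only, 1..64 bytes. Rejects '%'. */
int method_name_ok(const char *m)
{
    size_t len = strlen(m);
    if (len == 0 || len > 64)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)m[i];
        if (!isalnum(c) && c != '_')
            return 0;
    }
    return 1;
}

/* Hardened formatting: constant format, untrusted text only as a "%s"
 * argument. Returns the snprintf result (bytes needed, excluding NUL). */
int format_log_line(char *out, size_t n, const char *method)
{
    return snprintf(out, n, "rpc method=[%s]", method);
}

int main(void)
{
    /* The two payloads from the advisory plus a constructed benign name. */
    const char *samples[] = { "%x %x %x %x", "%n", "get_status" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_log_line(line, sizeof line, samples[i]);
        printf("%-8s %s\n", method_name_ok(samples[i]) ? "accept" : "reject", line);
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the commented-out pattern at compile time.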
