Claymore Dual GPU Miner Format String dos attack

Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. !/usr/bin/env python3 -- coding: utf-8 - import socket import json...

Claymore Dual GPU Miner 10.5 - Format String

Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. After reading about the recent vulnerabilities with previous version...

Claymore Dual GPU Miner 10.5 - Format String

Claymore Dual GPU Miner 10.5 - Format String Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. After reading about the...

Claymore Dual GPU Miner 10.5 Format String

Claymore Dual Gpu Miner = 10.5 Format Strings Vulnerability ======================================================================= product: Claymore's Dual Miner vulnerable version: = 10.5 fixed version: 10.6 CVE number: - CVE-2018a6317 impact: critical homepage:...

Claymore Dual ETH + DCRSCLBCPASC GPU Miner - Stack Buffer Overflow Path Traversal

Claymore Dual ETH + DCRSCLBCPASC GPU Miner - Stack Buffer Overflow Path Traversal !/usr/bin/env python -- coding: UTF-8 -- github.com/tintinweb optional: pip install pysocks https://pypi.python.org/pypi/PySocks ''' API overview: nc -L -p 3333 "id":0,"jsonrpc":"2.0","method":"minergetstat1"...

Claymore Dual ETH + DCR/SC/LBC/PASC GPU Miner - Stack Buffer Overflow / Path Traversal

!/usr/bin/env python -- coding: UTF-8 -- github.com/tintinweb optional: pip install pysocks https://pypi.python.org/pypi/PySocks ''' API overview: nc -L -p 3333 "id":0,"jsonrpc":"2.0","method":"minergetstat1" "id":0,"jsonrpc":"2.0","method":"minerfile","params":"epools.txt",""...

Directory traversal

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

CVE-2017-16929

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

CVE-2017-16930

The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging...

CVE-2017-16929

The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...

CVE-2017-16930

Claymore's Dual ETH miner (GPU) remote management interface in version 10.1 is affected by an unauthenticated stack-based buffer overflow triggered by logging an overly long API request. The vulnerability arises from logging via sprintf into a fixed-size 0x4000-byte buffer, enabling potential rem...

CVE-2017-16929

The CVE-2017-16929 issue affects Claymore’s Dual ETH + DCR/SC/LBC/PASC GPU Miner (version 10.1 and earlier) where the remote management interface allows authenticated path traversal via miner_file/miner_getfile. The vulnerability arises from missing path validation, enabling an attacker to read/w...

Claymore's Dual Miner 10.1 Stack Buffer Overflow

Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore References:...