ID
VAR-E-201802-0487
CVE
| cve_id: | CVE-2018-6317 | Trust: 1.5 |
EDB ID
43972
TITLE
Claymore Dual GPU Miner 10.5 - Format String - Multiple dos Exploit
Trust: 0.6
DESCRIPTION
Claymore Dual GPU Miner 10.5 - Format String. CVE-2018-6317 . dos exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | claymore | model: | dual gpu miner | scope: | eq | version: | 10.5 | Trust: 2.1 |
EXPLOIT
Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service.
After reading about the recent vulnerabilities with previous versions, I thought I should take another look at the json listener on port 3333 and see if there was any avenues of attack.
echo -e '{"id":1,"jsonrpc":"1.0","method":"test"}' | nc 192.168.1.107 3333 & printf "\n"
After realizing the buffer was printed I decided to try a few others…
Sending %s does return some strings, however I couldn’t get the hex addresses padded properly to dig in more as I kept getting unable to parse json errors. Sending %p also did yield some results but I’m sure someone more qualified may be able to exploit the stack further…
Finally, sending %n completely kills the mining process.
echo -e '{"id":1,"jsonrpc":"1.0","method":"%n"}' | nc 192.168.1.139 3333 & printf "\n"
Keep your rigs up to date, or stop opening port 3333 to the public. Seriously.
Timeline
01/26/18 — Reported
01/26/18 —Confirmed and immediately patched. 10.6 released request for 3–4 day embargo
01/31/18 — Public Disclosure
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Format String
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | vulnerability | Trust: 0.5 |
CREDITS
res1n
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 43972 | Trust: 1.6 |
| db: | NVD | id: | CVE-2018-6317 | Trust: 1.5 |
| db: | EDBNET | id: | 96480 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 146234 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-6317 | Trust: 1.5 |
| url: | https://medium.com/secjuice/claymore-dual-gpu-miner-10-5-format-strings-vulnerability-916ab3d2db30 | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/43972/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 146234 |
| db: | EXPLOIT-DB | id: | 43972 |
| db: | EDBNET | id: | 96480 |
LAST UPDATE DATE
2022-07-27T10:02:46.673000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 146234 | date: | 2018-02-03T03:54:48 |
| db: | EXPLOIT-DB | id: | 43972 | date: | 2018-02-05T00:00:00 |
| db: | EDBNET | id: | 96480 | date: | 2018-02-05T00:00:00 |