CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-10057

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0270%
EPSS Percentile24.15th
Published2018年6月5日
Last Modified2024年11月21日

Vulnerability Description

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

Affected Platforms (CPE)

📦
Bfgminer

Bfgminer

= 5.5.0
📦
Cgminer Project

Cgminer

= 4.10.0

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2018/06/03/1
🔗 https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057
🔗 http://www.openwall.com/lists/oss-security/2018/06/03/1
🔗 https://github.com/tintinweb/pub/tree/master/pocs/cve-2018-10057

相关漏洞威胁

CVE-2014-450110.0

Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool s...

CVE-2014-450210.0

Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner befo...

CVE-2018-100588.8

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary ...

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...