SecurityHome.eu Security vulnerability: CPUMiner Stack Overflow

Home / vulnerabilities PDF

CPUMiner Stack Overflow
Posted on 08 October 2014
Source : packetstormsecurity.org Link

Vulnerability title: Stack Overflow in CPUMiner When Submitting Upstream
Work
CVE: CVE-2014-6251
Affected version: CPUMiner before 2.4.1
Reported by: Mick Ayzenberg of Deja vu Security

Details:

A malicious pool or an attacker who is in the middle of a valid
stratum connection can respond to a 'mining.subscribe' and instruct a
miner to use a large nonce2 length.

The attacker can then instruct the miner to generate blocks with a
standard 'mining.notify' request. Once the miner has discovered a
valid block it will attempt to copy this large nonce into a fixed size
character array and overflow into stack memory.

TOP

Malware :

None in database

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20