Claymore Dual GPU Miner 10.5 Format String

ID: PACKETSTORM:146234
Published: 2018-02-03 00:00:00
Author: res1n
Source: packetstormsecurity.com

EPSS: 0.176 (Low), percentile 96.2%

```
Claymore Dual Gpu Miner <= 10.5 Format Strings Vulnerability
=======================================================================

product: Claymore's Dual Miner
vulnerable version: <= 10.5
fixed version: 10.6
CVE number: CVE-2018-6317
impact: critical
homepage: https://bitcointalk.org/index.php?topic=1433925.0
found: 2018-01-26
by: twitter.com/res1n

=======================================================================


Vulnerability overview/description:
-----------------------------------
Claymore's Dual GPU Miner 10.5 and below is vulnerable to a format
string vulnerability. This allows an unauthenticated remote attacker to
read memory addresses, or to immediately terminate the mining process,
causing a denial of service.

1) By sending a custom request to the JSON API on port 3333 of the
remote management service it's possible to leak stack addresses and
possibly rewrite stack addresses with %p. I wasn't able to break out of
the JSON padding but someone else may be able to, as %s also dumps string
contents.

example - echo -e '{"id":1,"jsonrpc":"1.0","method":"%x %x %x %x"}' | nc
192.168.1.139 3333 & printf "\n".

2) Sending %n to the JSON API on port 3333 immediately kills the mining
process.

example - echo -e '{"id":1,"jsonrpc":"1.0","method":"%n"}' | nc
192.168.1.139 3333 & printf "\n".

Solution
--------
Upgrade to version 10.6


Vendor contact timeline:
------------------------
01/26/18 - Reported to dev
01/26/18 - Confirmed and immediately patched. 10.6 released, request for
3-4 day embargo
01/31/18 - Public Disclosure

Writeup -
https://medium.com/secjuice/claymore-dual-gpu-miner-10-5-format-strings-vulnerability-916ab3d2db30
```
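A defender-side illustration, added here and not part of res1n's advisory: a small Python checker that inspects JSON-RPC request bodies captured on the way to the miner's management port and flags method names carrying printf-style directives, separating the `%n` write case (finding 2, immediate crash) from read-only leaks (finding 1). The sample requests are constructed; only the port, the message shape and the two probes come from the advisory.

```python
import json
import re

# Claymore's remote management API (TCP 3333) takes JSON-RPC requests; versions
# <= 10.5 hand the "method" string to a printf-style call (CVE-2018-6317), so a
# method name carrying format directives is the thing to alert on.
# printf conversion: %[flags][width][.precision][length]conversion
FORMAT_DIRECTIVE = re.compile(
    r"%[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|L|z|j|t)?([diouxXeEfFgGaAcspn])"
)


def inspect_request(raw: str) -> dict:
    """Classify one captured request body by the format directives in its method name."""
    try:
        req = json.loads(raw)
    except ValueError:
        return {"verdict": "unparseable", "method": None, "directives": []}
    method = req.get("method") if isinstance(req, dict) else None
    if not isinstance(method, str):
        return {"verdict": "malformed", "method": None, "directives": []}
    # "%%" is a literal percent sign, not a conversion; drop it before matching.
    directives = [m.group(1) for m in FORMAT_DIRECTIVE.finditer(method.replace("%%", ""))]
    if "n" in directives:
        verdict = "format-string write (%n): miner crash / denial of service"
    elif directives:
        verdict = "format-string read: stack memory disclosure"
    else:
        verdict = "clean"
    return {"verdict": verdict, "method": method, "directives": directives}


def scan(requests):
    """Return (raw, verdict) for every request whose method carries format directives."""
    hits = []
    for raw in requests:
        result = inspect_request(raw)
        if result["directives"]:
            hits.append((raw, result["verdict"]))
    return hits


# Constructed sample traffic: a normal stats call, the two probes from the
# advisory, a harmless trailing percent sign, and a non-JSON line.
SAMPLE_REQUESTS = [
    '{"id":0,"jsonrpc":"2.0","method":"miner_getstat1"}',
    '{"id":1,"jsonrpc":"1.0","method":"%x %x %x %x"}',
    '{"id":1,"jsonrpc":"1.0","method":"%n"}',
    '{"id":2,"jsonrpc":"1.0","method":"100%"}',
    "GET / HTTP/1.1",
]

if __name__ == "__main__":
    for raw, verdict in scan(SAMPLE_REQUESTS):
        print(f"{verdict:60} {raw}")
```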
