Re: Claymore's Dual Ethereum AMD+NVIDIA GPU Miner v11.7 (Windows/Linux)

Quote from: Claymore on May 17, 2018, 10:51:25 PM

Quote from: blockaudit on May 17, 2018, 06:40:10 PM

FYI a remote exploit for v7.3+ was made public:
https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/
https://www.exploit-db.com/exploits/44638/

More precisely, it works until v8.1, in v8.1 "-mport" is working in read-only mode by default, check "History.txt" file for details. Another thing required for this "exploit" is direct access to internet for the system, it will not work via NAT or firewall without your permission.
Later versions had another issue that was fixed too, see my message:
https://bitcointalk.org/index.php?topic=1433925.msg28540417#msg28540417

Thanks for the data, good to know!

Have you all had any official security code reviews or application pen-tests in order to have more confidence that these types of trivial issues won't be found again?