UBUNTU-CVE-2018-10057

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-10057

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-10057.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-10057

Related

CVE-2018-10057

Published

2018-06-05T21:29:00Z

Modified

2025-06-03T17:32:25Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal).

References

Affected packages

Ubuntu:Pro:16.04:LTS / bfgminer

Package

Name: bfgminer
Purl: pkg:deb/ubuntu/bfgminer@5.2.0+dfsg-1build1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.2.0+dfsg-1

5.2.0+dfsg-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / cgminer

Package

Name: cgminer
Purl: pkg:deb/ubuntu/cgminer@4.9.2-1build1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-1

4.9.2-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / bfgminer

Package

Name: bfgminer
Purl: pkg:deb/ubuntu/bfgminer@5.4.2+dfsg-1build2?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / cgminer

Package

Name: cgminer
Purl: pkg:deb/ubuntu/cgminer@4.9.2-1build1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-1build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / cgminer

Package

Name: cgminer
Purl: pkg:deb/ubuntu/cgminer@4.9.2-1build2?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / cgminer

Package

Name: cgminer
Purl: pkg:deb/ubuntu/cgminer@4.9.2-1ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}