製品・ソフトウェアに関する情報

JVN脆弱性詳細

SmartMesh におけるアクセス制御に関する脆弱性

Title	SmartMesh におけるアクセス制御に関する脆弱性
Summary	SmartMesh には、アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 29, 2018, midnight
Registration Date	Nov. 13, 2018, 3:55 p.m.
Last Update	Nov. 13, 2018, 3:55 p.m.

Affected System

SmartMesh

UG Token project

UG Token

GG Token project

GG Token

FIRST project

First

MTC project

M2C Mesh Network (MTC)

MESH project

M2C Mesh Network (mesh)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-10769	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10769
National Vulnerability Database (NVD)
2	CVE-2018-10769	https://nvd.nist.gov/vuln/detail/CVE-2018-10769

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-284	https://cwe.mitre.org/data/definitions/284.html

ベンダー情報

No	Name	URL
Etherscan
1	First (FST)	https://etherscan.io/address/0x9E88770DA20ebea0Df87aD874c2F5cf8ab92f605#code
2	GG Token (GG)	https://etherscan.io/address/0xF20b76Ed9d5467fDcDc1444455e303257d2827c7#code
3	M2C Mesh Network (mesh)	https://etherscan.io/address/0x3AC6cb00f5a44712022a51fbace4C7497F56eE31#code
4	M2C Mesh Network (MTC)	https://etherscan.io/address/0x8feBf7551EeA6Ce499F96537Ae0e2075c5A7301a#code
5	UG Token (UGT)	https://etherscan.io/address/0x43ee79e379e7b78d871100ed696e803e7893b644#code
SmartMesh
6	SMT Token	https://smartmesh.io/smt-token/

その他

No	Name	URL
関連文書
1	Replay Attacks on Ethereum Smart Contracts	https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md

Change Log

No	Changed Details	Date of change
1	[2018年11月13日] 掲載	Nov. 13, 2018, 3:55 p.m.

NVD Vulnerability Information

CVE-2018-10769

Summary	The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT).
Publication Date	Aug. 11, 2018, 12:29 a.m.
Registration Date	March 1, 2021, 6:43 p.m.
Last Update	Nov. 21, 2024, 12:42 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:smartmesh_project:smartmesh:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:ugtoken_project:ugtoken:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:gg_token_project:gg_token:-:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:first_project:first:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:mtc_project:mtc:-:::::::*

Configuration6		or higher	or less	more than	less than
cpe:2.3:a:mesh_project:mesh:-:::::::*

Related information, measures and tools

No	URL	タグ
1	https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md	Exploit Third Party Advisory
2	https://github.com/nkbai/defcon26/blob/master/docs/Replay%20Attacks%20on%20Ethereum%20Smart%20Contracts.md	Exploit Third Party Advisory
3	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
4	https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E

Common Vulnerabilities List