Table of Contents
GNUBoard is the most popular BBS board in South Korea.
I received $500 for RCE on Windows and $50 for MySQL password leak.
Crypto Exploit PoC: https://gist.github.com/stypr/d6f69048e7a1098d9228bc3deccff465
RCE Exploit PoC: https://gist.github.com/stypr/c95d98f4a2ff754abe9dc50aac082916
Issues have been fixed by the vendor.
https://github.com/gnuboard/gnuboard5/commit/c03fec73b9aeb6571271f4141788e614cc3f6e82
RCE Assigned KVE-2018-0441,0449 Crypto Assigned KVE-2018-0510