Andy Lutomirski

7 exploits, active since Nov 2012
CVE-2013-4300 WRITEUP
Linux Kernel < 3.11 - Access Control
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.
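The check at issue, as an added illustration that is not part of this listing or of the kernel source: a user-space C model of the scm_check_creds() capability test. It shows why requiring CAP_SYS_ADMIN in the caller's own user namespace is trivially satisfiable (any unprivileged task can unshare a user namespace in which it holds every capability) and contrasts it with a check against the user namespace that owns the pid namespace in which the claimed pid is interpreted. The struct layouts, the ns_capable() model, the bit-mask capability set and every helper name are assumptions made for this example.

```c
/* Added example, not kernel code: a user-space model of the capability
 * check behind CVE-2013-4300.  Struct layouts, the ns_capable() model and
 * the helper names are simplifications assumed for illustration. */
#include <stdbool.h>
#include <stdio.h>

#define CAP_SYS_ADMIN (1u << 21)   /* capabilities modelled as a bit mask (assumption) */

struct user_ns {
    struct user_ns *parent;   /* NULL for the initial user namespace */
    unsigned owner_uid;       /* uid (in the parent namespace) that created it */
    int level;                /* nesting depth, 0 for the initial namespace */
};

struct pid_ns {
    struct user_ns *user_ns;  /* user namespace that owns this pid namespace */
};

struct cred {
    struct user_ns *user_ns;  /* namespace the task's capabilities apply to */
    unsigned uid;
    unsigned caps;            /* effective capability set */
};

/* Model of ns_capable(): the task holds `cap` over `target` if target is its
 * own user namespace and the bit is set, or if the task created target (or an
 * ancestor of target) from its own namespace. */
static bool ns_capable_model(const struct cred *c, const struct user_ns *target, unsigned cap)
{
    for (const struct user_ns *ns = target; ns != NULL; ns = ns->parent) {
        if (ns == c->user_ns)
            return (c->caps & cap) != 0;
        if (ns->level <= c->user_ns->level)
            return false;           /* target is not below the task's namespace */
        if (ns->parent == c->user_ns && ns->owner_uid == c->uid)
            return true;            /* task created this child namespace */
    }
    return false;
}

/* Pre-fix model: CAP_SYS_ADMIN is tested in the caller's own user namespace,
 * which any task can obtain by unsharing a new user namespace. */
bool scm_pid_allowed_vulnerable(const struct cred *c, const struct pid_ns *pidns,
                                unsigned claimed_pid, unsigned own_pid)
{
    (void)pidns;
    return claimed_pid == own_pid || ns_capable_model(c, c->user_ns, CAP_SYS_ADMIN);
}

/* Fixed model: CAP_SYS_ADMIN must be held over the user namespace that owns
 * the pid namespace in which the claimed pid will be interpreted. */
bool scm_pid_allowed_fixed(const struct cred *c, const struct pid_ns *pidns,
                           unsigned claimed_pid, unsigned own_pid)
{
    return claimed_pid == own_pid || ns_capable_model(c, pidns->user_ns, CAP_SYS_ADMIN);
}

/* Scenario (constructed): uid 1000 in the initial namespaces unshares a user
 * namespace, gaining all capabilities inside it, but stays in the initial pid
 * namespace and then claims pid 1 in SCM_CREDENTIALS. */
bool spoof_pid_after_unshare(bool use_fix)
{
    struct user_ns init_user = { NULL, 0, 0 };
    struct pid_ns init_pid = { &init_user };
    struct user_ns child = { &init_user, 1000, 1 };
    struct cred attacker = { &child, 1000, CAP_SYS_ADMIN };  /* "root" inside child only */
    return use_fix ? scm_pid_allowed_fixed(&attacker, &init_pid, 1, 4242)
                   : scm_pid_allowed_vulnerable(&attacker, &init_pid, 1, 4242);
}

/* Scenario (constructed): real root in the initial namespaces, which both
 * checks must continue to allow. */
bool spoof_pid_as_init_root(bool use_fix)
{
    struct user_ns init_user = { NULL, 0, 0 };
    struct pid_ns init_pid = { &init_user };
    struct cred root = { &init_user, 0, CAP_SYS_ADMIN };
    return use_fix ? scm_pid_allowed_fixed(&root, &init_pid, 1, 4242)
                   : scm_pid_allowed_vulnerable(&root, &init_pid, 1, 4242);
}

int main(void)
{
    printf("unprivileged after unshare, pre-fix check: %s\n",
           spoof_pid_after_unshare(false) ? "spoof accepted" : "rejected");
    printf("unprivileged after unshare, fixed check:   %s\n",
           spoof_pid_after_unshare(true) ? "spoof accepted" : "rejected");
    printf("init-namespace root, fixed check:          %s\n",
           spoof_pid_as_init_root(true) ? "spoof accepted" : "rejected");
    return 0;
}
```

The point the model makes is that a capability check is only as strong as the namespace it is evaluated against: a task that created its own user namespace satisfies any `ns_capable(own_ns, ...)` test, so a privilege check guarding a resource of the parent (here, pids of the initial pid namespace) must name the namespace that owns that resource.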
CVE-2015-2830 WRITEUP
Linux Kernel < 3.19.2 - Access Control
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
CVE-2015-3291 WRITEUP
Linux Kernel < 4.1.6 - DoS
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.
CVE-2015-5157 WRITEUP
Linux Kernel < 4.1.6 - Access Control
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2020-15852 WRITEUP HIGH
Linux Kernel 5.5 through 5.7.9 - Incorrect Default Permissions
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
CVSS 7.8
CVE-2014-5207 EXPLOITDB c WORKING POC
Linux Kernel <= 3.16.1 - Improper Privilege Management
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
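The remount check described above, as an added illustration that is not part of this listing or of the kernel source: a user-space C model of the flag test in do_remount() for a bind mount inside a user namespace. The vulnerable variant enforces only the read-only lock, so a remount can clear nosuid, nodev and noexec or change the atime policy; the fixed variant refuses a remount that drops any flag locked when the mount was copied into the user namespace. The flag values, the separate `locked` field (the kernel keeps its lock bits in mnt_flags as MNT_LOCK_*), and all function names are assumptions made for this example.

```c
/* Added example, not kernel code: a user-space model of the do_remount()
 * flag check behind CVE-2014-5207.  Flag values, the `locked` field and the
 * function names are simplifications assumed for illustration. */
#include <errno.h>
#include <stdio.h>

#define MNT_NOSUID      0x01u
#define MNT_NODEV       0x02u
#define MNT_NOEXEC      0x04u
#define MNT_NOATIME     0x08u
#define MNT_NODIRATIME  0x10u
#define MNT_RELATIME    0x20u
#define MNT_READONLY    0x40u
#define MNT_ATIME_MASK  (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME)
#define MNT_LOCK_ATIME  0x80u   /* only ever set in mnt.locked */
#define MNT_LOCK_FLAGS  (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC | MNT_READONLY)

/* A mount: its current flags plus the flags that were locked when it was
 * made visible inside a less-privileged user namespace. */
struct mnt {
    unsigned flags;
    unsigned locked;
};

/* Lock every security-relevant flag that is set at the time the mount is
 * copied into a new user namespace, and freeze its atime policy. */
void lock_for_userns(struct mnt *m)
{
    m->locked = (m->flags & MNT_LOCK_FLAGS) | MNT_LOCK_ATIME;
}

/* Pre-fix model: only the read-only lock is enforced, so nosuid, nodev and
 * noexec can be cleared and the atime policy changed by a bind remount. */
int remount_vulnerable(const struct mnt *m, unsigned wanted)
{
    if ((m->locked & MNT_READONLY) && !(wanted & MNT_READONLY))
        return -EPERM;
    return 0;
}

/* Fixed model: every locked flag must survive the remount, and a locked
 * atime policy may not change.  Adding restrictions is still allowed. */
int remount_fixed(const struct mnt *m, unsigned wanted)
{
    unsigned must_keep = m->locked & MNT_LOCK_FLAGS;
    if ((wanted & must_keep) != must_keep)
        return -EPERM;
    if ((m->locked & MNT_LOCK_ATIME) &&
        (m->flags & MNT_ATIME_MASK) != (wanted & MNT_ATIME_MASK))
        return -EPERM;
    return 0;
}

/* Build a mount with `initial` flags, lock it as if it had been copied into a
 * user namespace, then ask the selected checker about a remount to `wanted`. */
int userns_remount(unsigned initial, unsigned wanted, int use_fix)
{
    struct mnt m = { initial, 0 };
    lock_for_userns(&m);
    return use_fix ? remount_fixed(&m, wanted) : remount_vulnerable(&m, wanted);
}

int main(void)
{
    unsigned initial = MNT_NOSUID | MNT_NODEV | MNT_NOEXEC | MNT_RELATIME;
    unsigned noatime = (initial & ~MNT_ATIME_MASK) | MNT_NOATIME;
    printf("clear nosuid/nodev/noexec, pre-fix: %d\n", userns_remount(initial, 0, 0));
    printf("clear nosuid/nodev/noexec, fixed:   %d\n", userns_remount(initial, 0, 1));
    printf("relatime -> noatime, fixed:         %d\n", userns_remount(initial, noatime, 1));
    printf("add read-only, fixed:               %d\n",
           userns_remount(initial, initial | MNT_READONLY, 1));
    return 0;
}
```

The check is deliberately asymmetric: a remount may add restrictions (read-only on top of nosuid/nodev/noexec passes), but may not remove any restriction the mount carried when it crossed into the user namespace, since those were the terms under which a more privileged owner exposed it.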
CVE-2012-0698 EXPLOITDB python WORKING POC
TrouSerS < 0.3.10 - DoS
tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003.