Marcel Holtmann

5 exploits Active since Apr 2006
CVE-2017-1000251 WRITEUP HIGH WRITEUP
Linux Kernel 2.6.32-4.13.1 - Remote Code Execution via Bluetooth L2CAP Configuration Response
The native Bluetooth stack in the Linux kernel (BlueZ), from kernel version 2.6.32 up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.
CVSS 8.0
CVE-2020-27153 WRITEUP HIGH WRITEUP
BlueZ < 5.55 - Double Free in GATT Service Discovery
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event.
CVSS 8.6
CVE-2017-15868 WRITEUP HIGH WRITEUP
Linux Kernel < 3.19 - Local Privilege Escalation via BNEP Connection Handling
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
CVSS 7.8
CVE-2006-1863 EXPLOITDB text WRITEUP
Linux Kernel < 2.6.17 - Directory Traversal via CIFS Chroot Escape
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1864.
CVE-2006-1864 EXPLOITDB text WRITEUP
Linux Kernel <= 2.6.16 - Directory Traversal via SMB Chroot Escape
Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences, a similar vulnerability to CVE-2006-1863.