Mathias Krause

44 exploits Active since Feb 2010
CVE-2012-1577 WRITEUP CRITICAL WRITEUP
OpenBSD - Info Disclosure
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVSS 9.8
CVE-2012-6536 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
CVE-2012-6537 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2012-6538 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVE-2012-6539 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6540 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6541 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6542 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.
CVE-2012-6543 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6544 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVE-2012-6545 WRITEUP WRITEUP
Redhat Enterprise Linux < 3.5.7 - Information Disclosure
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2012-6546 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6547 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6548 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2012-6549 WRITEUP WRITEUP
Linux Kernel < 3.5.7 - Information Disclosure
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2013-1826 WRITEUP WRITEUP
Linux Kernel < 3.5.6 - Denial of Service
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.
CVE-2013-1827 WRITEUP WRITEUP
Linux Kernel < 3.5.3 - Denial of Service
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.
CVE-2013-2234 WRITEUP WRITEUP
Linux Kernel < 3.9.9 - Memory Corruption
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.
CVE-2013-2546 WRITEUP WRITEUP
Linux kernel <3.8.2 - Info Disclosure
The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2547 WRITEUP WRITEUP
Linux kernel <3.8.2 - Info Disclosure
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2548 WRITEUP WRITEUP
Linux kernel <3.8.2 - Info Disclosure
The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2013-2634 WRITEUP WRITEUP
Linux kernel <3.8.4 - Info Disclosure
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2013-2635 WRITEUP WRITEUP
Linux kernel <3.8.4 - Info Disclosure
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2013-2636 WRITEUP WRITEUP
Linux kernel <3.8.4 - Info Disclosure
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2013-3076 WRITEUP WRITEUP
Linux kernel <3.9-rc8 - Info Disclosure
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.