Mathias Krause

52 exploits, active since Feb 2010
CVE-2012-6537 WRITEUP
Linux Kernel < 3.6 - Information Exposure via Uninitialized Structures in xfrm_user
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
CVE-2012-6544 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via Bluetooth Stack
The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation.
CVE-2012-6545 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via Bluetooth RFCOMM
The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2012-6546 WRITEUP
Linux Kernel < 3.6 - Information Exposure via Uninitialized ATM Structures
The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2013-1763 WRITEUP
Linux Kernel < 3.4.34 - Local Privilege Escalation via Netlink Message Family Value
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
CVE-2012-1577 WRITEUP CRITICAL
dietlibc - Weak PRNG Seed Handling
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
CVSS 9.8
CVE-2012-6536 WRITEUP
Linux Kernel < 3.6 - Information Exposure via Netlink Message Length Inconsistency
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.
CVE-2012-6538 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via copy_to_user_auth
The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.
CVE-2012-6539 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via Uninitialized Structure in dev_ifconf
The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6540 WRITEUP
Linux Kernel < 3.6 - Information Exposure via IP_VS_SO_GET_TIMEOUT Command
The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6541 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via Uninitialized Structure in ccid3_hc_tx_getsockopt
The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6542 WRITEUP
Linux Kernel < 3.6 - Information Exposure via llc_ui_getname Uninitialized Pointer
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument.
CVE-2012-6543 WRITEUP
Linux Kernel < 3.6 - Information Exposure via l2tp_ip6_getname
The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6547 WRITEUP
Linux Kernel < 3.6 - Information Disclosure via Uninitialized Structure in __tun_chr_ioctl
The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2012-6548 WRITEUP
Linux Kernel < 3.6 - Information Exposure via udf_encode_fh
The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2012-6549 WRITEUP
Linux Kernel < 3.6 - Information Exposure via isofs_export_encode_fh
The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application.
CVE-2013-1826 WRITEUP
Linux Kernel < 3.5.7 - Privilege Escalation via xfrm_state_netlink Error Handling
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.
CVE-2013-1827 WRITEUP
Linux Kernel < 3.5.4 - Denial of Service via DCCP getsockopt NULL Pointer Dereference
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call.