CVE Vulnerabilities

CVE-2007-0257

Published: Jan 16, 2007 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities. The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code

Affected Software

Name Vendor Start Version End Version
Grsecurity_kernel_patch Grsecurity 2.0.1 2.0.1
Grsecurity_kernel_patch Grsecurity 2.1.5 2.1.5
Grsecurity_kernel_patch Grsecurity 2.1.1 2.1.1
Grsecurity_kernel_patch Grsecurity 2.1.7 2.1.7
Grsecurity_kernel_patch Grsecurity 2.1.8 2.1.8
Grsecurity_kernel_patch Grsecurity 2.1.2 2.1.2
Grsecurity_kernel_patch Grsecurity 1.9.4 1.9.4
Grsecurity_kernel_patch Grsecurity 2.1.4 2.1.4
Grsecurity_kernel_patch Grsecurity 2.1.3 2.1.3
Grsecurity_kernel_patch Grsecurity 2.1.0 2.1.0
Grsecurity_kernel_patch Grsecurity 2.0.2 2.0.2
Grsecurity_kernel_patch Grsecurity 2.1.6 2.1.6

References