CVE-2007-0257
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/01/2007
Last modified:
09/04/2025
Description
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:1.9.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.8:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://forums.grsecurity.net/viewtopic.php?t=1646
- http://grsecurity.net/news.php#digitalfud
- http://osvdb.org/32727
- http://secunia.com/advisories/23713
- http://securitytracker.com/id?1017509=
- http://www.digitalarmaments.com/news_news.shtml
- http://www.digitalarmaments.com/pre2007-00018659.html
- http://www.securityfocus.com/archive/1/456626/100/0/threaded
- http://www.securityfocus.com/archive/1/456722/100/0/threaded
- http://www.securityfocus.com/archive/1/457509/100/0/threaded
- http://www.securityfocus.com/archive/1/462302/100/100/threaded
- http://www.securityfocus.com/bid/22014
- http://www.vupen.com/english/advisories/2007/0155
- http://forums.grsecurity.net/viewtopic.php?t=1646
- http://grsecurity.net/news.php#digitalfud
- http://osvdb.org/32727
- http://secunia.com/advisories/23713
- http://securitytracker.com/id?1017509=
- http://www.digitalarmaments.com/news_news.shtml
- http://www.digitalarmaments.com/pre2007-00018659.html
- http://www.securityfocus.com/archive/1/456626/100/0/threaded
- http://www.securityfocus.com/archive/1/456722/100/0/threaded
- http://www.securityfocus.com/archive/1/457509/100/0/threaded
- http://www.securityfocus.com/archive/1/462302/100/100/threaded
- http://www.securityfocus.com/bid/22014
- http://www.vupen.com/english/advisories/2007/0155