Vulnerabilities > CVE-2007-0257 - Unspecified vulnerability in Grsecurity Kernel Patch
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN grsecurity
exploit available
Summary
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
Vulnerable Configurations
Exploit-Db
| description | Grsecurity Kernel PaX Local Privilege Escalation Vulnerability. CVE-2007-0257. Local exploit for linux platform |
| id | EDB-ID:29446 |
| last seen | 2016-02-03 |
| modified | 2006-12-18 |
| published | 2006-12-18 |
| reporter | anonymous |
| source | https://www.exploit-db.com/download/29446/ |
| title | Grsecurity Kernel PaX - Local Privilege Escalation Vulnerability |
References
- http://forums.grsecurity.net/viewtopic.php?t=1646
- http://www.digitalarmaments.com/news_news.shtml
- http://www.digitalarmaments.com/pre2007-00018659.html
- http://www.securityfocus.com/bid/22014
- http://secunia.com/advisories/23713
- http://grsecurity.net/news.php#digitalfud
- http://securitytracker.com/id?1017509
- http://osvdb.org/32727
- http://www.vupen.com/english/advisories/2007/0155
- http://www.securityfocus.com/archive/1/462302/100/100/threaded
- http://www.securityfocus.com/archive/1/457509/100/0/threaded
- http://www.securityfocus.com/archive/1/456722/100/0/threaded
- http://www.securityfocus.com/archive/1/456626/100/0/threaded