CVE-2007-0257

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-0257
** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://forums.grsecurity.net/viewtopic.php?t=1646 Vendor Advisory
http://grsecurity.net/news.php#digitalfud
http://osvdb.org/32727
http://secunia.com/advisories/23713
http://securitytracker.com/id?1017509
http://www.digitalarmaments.com/news_news.shtml Vendor Advisory URL Repurposed
http://www.digitalarmaments.com/pre2007-00018659.html Vendor Advisory URL Repurposed
http://www.securityfocus.com/archive/1/456626/100/0/threaded
http://www.securityfocus.com/archive/1/456722/100/0/threaded
http://www.securityfocus.com/archive/1/457509/100/0/threaded
http://www.securityfocus.com/archive/1/462302/100/100/threaded
http://www.securityfocus.com/bid/22014
http://www.vupen.com/english/advisories/2007/0155
http://forums.grsecurity.net/viewtopic.php?t=1646 Vendor Advisory
http://grsecurity.net/news.php#digitalfud
http://osvdb.org/32727
http://secunia.com/advisories/23713
http://securitytracker.com/id?1017509
http://www.digitalarmaments.com/news_news.shtml Vendor Advisory URL Repurposed
http://www.digitalarmaments.com/pre2007-00018659.html Vendor Advisory URL Repurposed
http://www.securityfocus.com/archive/1/456626/100/0/threaded
http://www.securityfocus.com/archive/1/456722/100/0/threaded
http://www.securityfocus.com/archive/1/457509/100/0/threaded
http://www.securityfocus.com/archive/1/462302/100/100/threaded
http://www.securityfocus.com/bid/22014
http://www.vupen.com/english/advisories/2007/0155
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:grsecurity:grsecurity_kernel_patch:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.8:*:*:*:*:*:*:*
History

17 Jan 2025, 14:15

Type Values Removed Values Added
CVSS v2 : 7.2
v3 : unknown 		v2 : 7.2
v3 : 7.8

21 Nov 2024, 00:25

Type Values Removed Values Added
References () http://forums.grsecurity.net/viewtopic.php?t=1646 - Vendor Advisory () http://forums.grsecurity.net/viewtopic.php?t=1646 - Vendor Advisory
References () http://grsecurity.net/news.php#digitalfud - () http://grsecurity.net/news.php#digitalfud -
References () http://osvdb.org/32727 - () http://osvdb.org/32727 -
References () http://secunia.com/advisories/23713 - () http://secunia.com/advisories/23713 -
References () http://securitytracker.com/id?1017509 - () http://securitytracker.com/id?1017509 -
References () http://www.digitalarmaments.com/news_news.shtml - Vendor Advisory, URL Repurposed () http://www.digitalarmaments.com/news_news.shtml - Vendor Advisory, URL Repurposed
References () http://www.digitalarmaments.com/pre2007-00018659.html - Vendor Advisory, URL Repurposed () http://www.digitalarmaments.com/pre2007-00018659.html - Vendor Advisory, URL Repurposed
References () http://www.securityfocus.com/archive/1/456626/100/0/threaded - () http://www.securityfocus.com/archive/1/456626/100/0/threaded -
References () http://www.securityfocus.com/archive/1/456722/100/0/threaded - () http://www.securityfocus.com/archive/1/456722/100/0/threaded -
References () http://www.securityfocus.com/archive/1/457509/100/0/threaded - () http://www.securityfocus.com/archive/1/457509/100/0/threaded -
References () http://www.securityfocus.com/archive/1/462302/100/100/threaded - () http://www.securityfocus.com/archive/1/462302/100/100/threaded -
References () http://www.securityfocus.com/bid/22014 - () http://www.securityfocus.com/bid/22014 -
References () http://www.vupen.com/english/advisories/2007/0155 - () http://www.vupen.com/english/advisories/2007/0155 -

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://www.digitalarmaments.com/news_news.shtml - Vendor Advisory () http://www.digitalarmaments.com/news_news.shtml - Vendor Advisory, URL Repurposed
References () http://www.digitalarmaments.com/pre2007-00018659.html - Vendor Advisory () http://www.digitalarmaments.com/pre2007-00018659.html - Vendor Advisory, URL Repurposed
Information

Published : 2007-01-16 23:28

Updated : 2025-01-17 14:15

NVD link : CVE-2007-0257

Mitre link : CVE-2007-0257

CVE.ORG link : CVE-2007-0257

JSON object : View

Products Affected

grsecurity

  • grsecurity_kernel_patch
CWE
NVD-CWE-Other