FKIE_CVE-2007-0257

Vulnerability from fkie_nvd - Published: 2007-01-16 23:28 - Updated: 2025-04-09 00:30
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
References
cve@mitre.orghttp://forums.grsecurity.net/viewtopic.php?t=1646Vendor Advisory
cve@mitre.orghttp://grsecurity.net/news.php#digitalfud
cve@mitre.orghttp://osvdb.org/32727
cve@mitre.orghttp://secunia.com/advisories/23713
cve@mitre.orghttp://securitytracker.com/id?1017509
cve@mitre.orghttp://www.digitalarmaments.com/news_news.shtmlVendor Advisory, URL Repurposed
cve@mitre.orghttp://www.digitalarmaments.com/pre2007-00018659.htmlVendor Advisory, URL Repurposed
cve@mitre.orghttp://www.securityfocus.com/archive/1/456626/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/456722/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/457509/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/462302/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/22014
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0155
af854a3a-2127-422b-91ae-364da2661108http://forums.grsecurity.net/viewtopic.php?t=1646Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://grsecurity.net/news.php#digitalfud
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/32727
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23713
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017509
af854a3a-2127-422b-91ae-364da2661108http://www.digitalarmaments.com/news_news.shtmlVendor Advisory, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108http://www.digitalarmaments.com/pre2007-00018659.htmlVendor Advisory, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/456626/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/456722/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/457509/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/462302/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22014
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0155
Impacted products
Vendor Product Version
grsecurity grsecurity_kernel_patch 1.9.4
grsecurity grsecurity_kernel_patch 2.0.1
grsecurity grsecurity_kernel_patch 2.0.2
grsecurity grsecurity_kernel_patch 2.1.0
grsecurity grsecurity_kernel_patch 2.1.1
grsecurity grsecurity_kernel_patch 2.1.2
grsecurity grsecurity_kernel_patch 2.1.3
grsecurity grsecurity_kernel_patch 2.1.4
grsecurity grsecurity_kernel_patch 2.1.5
grsecurity grsecurity_kernel_patch 2.1.6
grsecurity grsecurity_kernel_patch 2.1.7
grsecurity grsecurity_kernel_patch 2.1.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8B4803-8997-458A-A62C-F8E1BDC0A57E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09DF5719-7980-42F1-A55F-BA42B5AB51E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E661647F-ED24-40C9-B85D-9C60F45EA00F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D9BF20-272D-428A-88DD-0CA90B14C631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95BF408B-DE5C-4AD4-986B-FF9C38E1B515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E79624-4CBD-4744-BD1E-518B9EBFF7C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DC3A73-B269-4418-A8EC-877BDDDB57BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F45B7B0-DAEE-4101-97AB-C41F6E206916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC33E4A-76D3-4C16-B261-CDB0CF78F048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB4F7AFD-AD7A-45ED-9660-7BC6DFCD36E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B598D0A0-21A2-4731-B816-A96B4D8A389A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A7EF3A-9C9D-49EC-B214-80D43558CFDD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that \"the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities.\"  The developer also cites a past disclosure that was not proven.  As of 20070120, the original researcher has released demonstration code"
    },
    {
      "lang": "es",
      "value": "** DISPUTADA ** Vulnerabilidad no especificada en la funci\u00f3n expand_stack en grsecurity PaX permite a usuarios locales obtener privilegios a trav\u00e9s de vectores no especificados. NOTA: el desarrollador grsecurity ha disputado este problema, diciendo que \u0027la funci\u00f3n donde dicen que est\u00e1 la vulnerabilidad es una funci\u00f3n insignificante, que puede ser, y ha sido, f\u00e1cilmente comprobada por cualquier supuesta vulnerabilidad.\u0027 El desarrollador tambi\u00e9n cita una divulgaci\u00f3n anterior que no se prob\u00f3. Desde el 20 de enero del 2007, el investigador original ha emitido c\u00f3digo de demostraci\u00f3n."
    }
  ],
  "id": "CVE-2007-0257",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2007-01-16T23:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forums.grsecurity.net/viewtopic.php?t=1646"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://grsecurity.net/news.php#digitalfud"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32727"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017509"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.digitalarmaments.com/news_news.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.digitalarmaments.com/pre2007-00018659.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/456626/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/456722/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457509/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462302/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22014"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forums.grsecurity.net/viewtopic.php?t=1646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://grsecurity.net/news.php#digitalfud"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.digitalarmaments.com/news_news.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory",
        "URL Repurposed"
      ],
      "url": "http://www.digitalarmaments.com/pre2007-00018659.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/456626/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/456722/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457509/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462302/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0155"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.