GSD-2007-0257

Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.
Aliases
Aliases
CVE-2007-0257
To clipboard 

{
  "GSD": {
    "alias": "CVE-2007-0257",
    "description": "** DISPUTED **  Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that \"the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities.\"  The developer also cites a past disclosure that was not proven.  As of 20070120, the original researcher has released demonstration code.",
    "id": "GSD-2007-0257"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0257"
      ],
      "details": "** DISPUTED **  Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that \"the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities.\"  The developer also cites a past disclosure that was not proven.  As of 20070120, the original researcher has released demonstration code.",
      "id": "GSD-2007-0257",
      "modified": "2023-12-13T01:21:35.802389Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0257",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** DISPUTED **  Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that \"the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities.\"  The developer also cites a past disclosure that was not proven.  As of 20070120, the original researcher has released demonstration code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1017509",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017509"
          },
          {
            "name": "http://www.digitalarmaments.com/pre2007-00018659.html",
            "refsource": "MISC",
            "url": "http://www.digitalarmaments.com/pre2007-00018659.html"
          },
          {
            "name": "20070111 Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/456626/100/0/threaded"
          },
          {
            "name": "20070112 Lies? [Was: Re: Digital Armaments Security Pre-Advisory11.01.2007: Grsecurity Kernel PaX - Local root vulnerability]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/456722/100/0/threaded"
          },
          {
            "name": "20070309 Re: Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/462302/100/100/threaded"
          },
          {
            "name": "http://www.digitalarmaments.com/news_news.shtml",
            "refsource": "MISC",
            "url": "http://www.digitalarmaments.com/news_news.shtml"
          },
          {
            "name": "http://grsecurity.net/news.php#digitalfud",
            "refsource": "MISC",
            "url": "http://grsecurity.net/news.php#digitalfud"
          },
          {
            "name": "23713",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23713"
          },
          {
            "name": "22014",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22014"
          },
          {
            "name": "http://forums.grsecurity.net/viewtopic.php?t=1646",
            "refsource": "MISC",
            "url": "http://forums.grsecurity.net/viewtopic.php?t=1646"
          },
          {
            "name": "20070120 Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457509/100/0/threaded"
          },
          {
            "name": "ADV-2007-0155",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0155"
          },
          {
            "name": "32727",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32727"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:1.9.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1E8B4803-8997-458A-A62C-F8E1BDC0A57E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "09DF5719-7980-42F1-A55F-BA42B5AB51E8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E661647F-ED24-40C9-B85D-9C60F45EA00F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B4D9BF20-272D-428A-88DD-0CA90B14C631",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "95BF408B-DE5C-4AD4-986B-FF9C38E1B515",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "23E79624-4CBD-4744-BD1E-518B9EBFF7C1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "61DC3A73-B269-4418-A8EC-877BDDDB57BF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5F45B7B0-DAEE-4101-97AB-C41F6E206916",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EAC33E4A-76D3-4C16-B261-CDB0CF78F048",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AB4F7AFD-AD7A-45ED-9660-7BC6DFCD36E9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B598D0A0-21A2-4731-B816-A96B4D8A389A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "30A7EF3A-9C9D-49EC-B214-80D43558CFDD",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that \"the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities.\"  The developer also cites a past disclosure that was not proven.  As of 20070120, the original researcher has released demonstration code"
          },
          {
            "lang": "es",
            "value": "** DISPUTADA ** Vulnerabilidad no especificada en la funci\u00f3n expand_stack en grsecurity PaX permite a usuarios locales obtener privilegios a trav\u00e9s de vectores no especificados. NOTA: el desarrollador grsecurity ha disputado este problema, diciendo que \u0027la funci\u00f3n donde dicen que est\u00e1 la vulnerabilidad es una funci\u00f3n insignificante, que puede ser, y ha sido, f\u00e1cilmente comprobada por cualquier supuesta vulnerabilidad.\u0027 El desarrollador tambi\u00e9n cita una divulgaci\u00f3n anterior que no se prob\u00f3. Desde el 20 de enero del 2007, el investigador original ha emitido c\u00f3digo de demostraci\u00f3n."
          }
        ],
        "id": "CVE-2007-0257",
        "lastModified": "2024-04-11T00:41:37.657",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "integrityImpact": "COMPLETE",
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 10.0,
              "obtainAllPrivilege": true,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2007-01-16T23:28:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "http://forums.grsecurity.net/viewtopic.php?t=1646"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://grsecurity.net/news.php#digitalfud"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://osvdb.org/32727"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://secunia.com/advisories/23713"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://securitytracker.com/id?1017509"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory",
              "URL Repurposed"
            ],
            "url": "http://www.digitalarmaments.com/news_news.shtml"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory",
              "URL Repurposed"
            ],
            "url": "http://www.digitalarmaments.com/pre2007-00018659.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/archive/1/456626/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/archive/1/456722/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/archive/1/457509/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/archive/1/462302/100/100/threaded"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/bid/22014"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.vupen.com/english/advisories/2007/0155"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-Other"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.