7.8

CVE-2007-0257

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities."  The developer also cites a past disclosure that was not proven.  As of 20070120, the original researcher has released demonstration code
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.57
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://forums.grsecurity.net/viewtopic.php?t=1646
Vendor Advisory
http://grsecurity.net/news.php#digitalfud
http://www.digitalarmaments.com/news_news.shtml
Vendor Advisory
URL Repurposed
http://osvdb.org/32727
http://secunia.com/advisories/23713
http://securitytracker.com/id?1017509
http://www.digitalarmaments.com/pre2007-00018659.html
Vendor Advisory
URL Repurposed
http://www.securityfocus.com/archive/1/456626/100/0/threaded
http://www.securityfocus.com/archive/1/456722/100/0/threaded
http://www.securityfocus.com/archive/1/457509/100/0/threaded
http://www.securityfocus.com/archive/1/462302/100/100/threaded
http://www.securityfocus.com/bid/22014
http://www.vupen.com/english/advisories/2007/0155