NVD Vulnerability Detail

CVE-2007-0257

Summary	Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
Publication Date	Jan. 17, 2007, 8:28 a.m.
Registration Date	Jan. 29, 2021, 2:05 p.m.
Last Update	Aug. 7, 2024, 9:15 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.8:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:1.9.4:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://forums.grsecurity.net/viewtopic.php?t=1646	MISC	Vendor Advisory
2	http://www.digitalarmaments.com/news_news.shtml	MISC	Vendor Advisory URL Repurposed
3	http://www.digitalarmaments.com/pre2007-00018659.html	MISC	Vendor Advisory URL Repurposed
4	http://www.securityfocus.com/bid/22014	BID
5	http://secunia.com/advisories/23713	SECUNIA
6	http://grsecurity.net/news.php#digitalfud	MISC
7	http://securitytracker.com/id?1017509	SECTRACK
8	http://osvdb.org/32727	OSVDB
9	http://www.vupen.com/english/advisories/2007/0155	VUPEN
10	http://www.securityfocus.com/archive/1/462302/100/100/threaded	BUGTRAQ
11	http://www.securityfocus.com/archive/1/457509/100/0/threaded	BUGTRAQ
12	http://www.securityfocus.com/archive/1/456722/100/0/threaded	BUGTRAQ
13	http://www.securityfocus.com/archive/1/456626/100/0/threaded	BUGTRAQ

Common Vulnerabilities List

JVN Vulnerability Information

grsecurity の grsecurity kernel patch における脆弱性

Title	grsecurity の grsecurity kernel patch における脆弱性
Summary	grsecurity の grsecurity kernel patch には、不特定の脆弱性が存在します。
Possible impacts
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	Jan. 16, 2007, midnight
Registration Date	July 18, 2024, 6:29 p.m.
Last Update	July 18, 2024, 6:29 p.m.

Affected System

grsecurity

grsecurity kernel patch 1.9.4

grsecurity kernel patch 2.0.1

grsecurity kernel patch 2.0.2

grsecurity kernel patch 2.1.0

grsecurity kernel patch 2.1.1

grsecurity kernel patch 2.1.2

grsecurity kernel patch 2.1.3

grsecurity kernel patch 2.1.4

grsecurity kernel patch 2.1.5

grsecurity kernel patch 2.1.6

grsecurity kernel patch 2.1.7

grsecurity kernel patch 2.1.8

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0257	https://www.cve.org/CVERecord?id=CVE-2007-0257
National Vulnerability Database (NVD)
2	CVE-2007-0257	https://nvd.nist.gov/vuln/detail/CVE-2007-0257

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	forums.grsecurity.net (viewtopic.php?t=1646)	http://forums.grsecurity.net/viewtopic.php?t=1646
2	grsecurity.net (news.php#digitalfud)	http://grsecurity.net/news.php#digitalfud
3	osvdb.org (32727)	http://osvdb.org/32727
4	secunia.com (advisories/23713)	http://secunia.com/advisories/23713
5	securitytracker.com (id?1017509)	http://securitytracker.com/id?1017509
6	www.digitalarmaments.com (news_news.shtml)	http://www.digitalarmaments.com/news_news.shtml
7	www.digitalarmaments.com (pre2007-00018659)	http://www.digitalarmaments.com/pre2007-00018659.html
8	www.securityfocus.com (bid/22014)	http://www.securityfocus.com/bid/22014
9	www.securityfocus.com (threaded)	http://www.securityfocus.com/archive/1/462302/100/100/threaded
10	www.securityfocus.com (threaded)	http://www.securityfocus.com/archive/1/456626/100/0/threaded
11	www.securityfocus.com (threaded)	http://www.securityfocus.com/archive/1/456722/100/0/threaded
12	www.securityfocus.com (threaded)	http://www.securityfocus.com/archive/1/457509/100/0/threaded
13	www.vupen.com (advisories/2007/0155)	http://www.vupen.com/english/advisories/2007/0155

Change Log

No	Changed Details	Date of change
1	[2024年07月18日] 掲載	July 18, 2024, 6:29 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.1:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.5:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.1:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.7:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.8:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.2:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:1.9.4:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.4:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.3:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.0:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.0.2:::::::*
cpe:2.3:a:grsecurity:grsecurity_kernel_patch:2.1.6:::::::*