CVE-2007-0257

HIGH

grsecurity PaX - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0257. PoCs published by anonymous.

AI-analyzed exploit summary: This exploit targets a local privilege escalation vulnerability in Grsecurity Kernel PaX by manipulating memory mappings and triggering a fault to overlap kernel memory. It uses mmap and mprotect to set up executable memory regions and attempts to gain superuser privileges.

Description

Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.

Exploits (1)

exploitdb WORKING POC VERIFIED
by anonymous · c · local · linux
https://www.exploit-db.com/exploits/29446

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Grsecurity Kernel PaX (specific version not specified)
No auth needed
Prerequisites: Local access to the target system · Grsecurity Kernel PaX with vulnerable configuration
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017509
Vendor Advisory, URL Repurposed x_refsource_misc
http://www.digitalarmaments.com/pre2007-00018659.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456626/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456722/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462302/100/100/threaded
Vendor Advisory, URL Repurposed x_refsource_misc
http://www.digitalarmaments.com/news_news.shtml
Various Sources x_refsource_misc
http://grsecurity.net/news.php#digitalfud
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23713
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22014
Vendor Advisory x_refsource_misc
http://forums.grsecurity.net/viewtopic.php?t=1646
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457509/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0155
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32727

Scores

CVSS v3 7.8
EPSS 0.0096
EPSS Percentile 57.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (12)
grsecurity/grsecurity_kernel_patch 1.9.4
grsecurity/grsecurity_kernel_patch 2.0.1
grsecurity/grsecurity_kernel_patch 2.0.2
grsecurity/grsecurity_kernel_patch 2.1.0
grsecurity/grsecurity_kernel_patch 2.1.1
grsecurity/grsecurity_kernel_patch 2.1.2
grsecurity/grsecurity_kernel_patch 2.1.3
grsecurity/grsecurity_kernel_patch 2.1.4
grsecurity/grsecurity_kernel_patch 2.1.5
grsecurity/grsecurity_kernel_patch 2.1.6
... and 2 more
Published Jan 16, 2007
Tracked Since Feb 18, 2026