grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grsecurity | grsecurity_kernel_patch | 1.9.4 |
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grsecurity | grsecurity_kernel_patch | 2.1.1 |
| grsecurity | grsecurity_kernel_patch | 2.1.7 |
| grsecurity | grsecurity_kernel_patch | 2.0.2 |
| grsecurity | grsecurity_kernel_patch | 2.0.1 |
| grsecurity | grsecurity_kernel_patch | 2.1.0 |
| grsecurity | grsecurity_kernel_patch | 2.1.4 |
| grsecurity | grsecurity_kernel_patch | 2.1.3 |
| grsecurity | grsecurity_kernel_patch | 2.1.6 |
| grsecurity | grsecurity_kernel_patch | 2.1.2 |
| grsecurity | grsecurity_kernel_patch | 2.1.5 |
Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grsecurity | grsecurity_kernel_patch | * |
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| grsecurity | grsecurity_kernel_patch | 2.1.7 |
| grsecurity | grsecurity_kernel_patch | 2.0.2 |
| grsecurity | grsecurity_kernel_patch | 1.9.4 |
| grsecurity | grsecurity_kernel_patch | 2.1.0 |
| grsecurity | grsecurity_kernel_patch | 2.1.4 |
| grsecurity | grsecurity_kernel_patch | 2.1.3 |
| grsecurity | grsecurity_kernel_patch | 2.1.8 |
| grsecurity | grsecurity_kernel_patch | 2.1.6 |
| grsecurity | grsecurity_kernel_patch | 2.1.1 |
| grsecurity | grsecurity_kernel_patch | 2.0.1 |
| grsecurity | grsecurity_kernel_patch | 2.1.2 |
| grsecurity | grsecurity_kernel_patch | 2.1.5 |