PaX double-mirrored VMA munmap local root exploit. This exploit has only been tested on Debian 3.0 running Linux 2.4.29 patched with grsecurity-2.1.1-2.4.29-200501231159.
60c1ceed2d16f7931996d9a19b03526bcb19cf2759c368e25b75293b7ef9f6f5
PaX has a flaw that allows unprivileged users to execute arbitrary code with the privileges of a binary that executes setuid or setgid.
7e39dbcce3e6135a21aa20176ace9d0c41dc2f78632fcaf5c8e3f1d7ea79cf4e