PaX has a flaw that allows unprivileged users to execute arbitrary code with the privileges of a binary that executes setuid or setgid.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/36482/PaXprivesc.txt
Source: https://packetstormsecurity.com/files/36482/PaXprivesc.txt.html