CVE-2017-1087

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1087

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1087.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1087

Withdrawn

2024-06-30T16:00:03.518952Z

Published

2017-11-16T20:29:00Z

Modified

2024-06-04T05:04:54.771962Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.

References

Affected packages

Debian:10 / kfreebsd-10

Package

Name: kfreebsd-10
Purl: pkg:deb/debian/kfreebsd-10?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.3~svn300087-5

10.3~svn300087-6

10.3~svn300087+ds1-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1087.json"