CVE-2017-1087 Information

Description

In FreeBSD 10.x before 10.4-STABLE 10.4-RELEASE-p3 and 10.3-RELEASE-p24 named paths are globally scoped meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory like Squid. This issue could lead to a Denial of Service or local privilege escalation.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/101867 http://www.securitytracker.com/id/1039810 https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8