Home > Vulnerability Database > CVE-2017-1087

Mend.io Vulnerability Database

CVE-2017-1087

Date: November 16, 2017

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.

Severity Score

7.8

Related Resources (5)

Url: http://www.securityfocus.com/bid/101867

Url: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc

Url: http://www.securitytracker.com/id/1039810

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-1087

Url: https://www.mend.io/vulnerability-database/CVE-2017-1087

Severity Score

7.8

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-1087

Date: November 16, 2017

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?