FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5b1463dd-dab3-11e7-b5af-a4badb2f4699	FreeBSD -- POSIX shm allows jails to access global namespace Problem Description: Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact: A malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. Discovery 2017-11-15 Entry 2017-12-06 FreeBSD-kernel ge 10.4 lt 10.4_3 ge 10.3 lt 10.3_24 CVE-2017-1087 SA-17:09.shm

VuXML ID

Description

5b1463dd-dab3-11e7-b5af-a4badb2f4699

FreeBSD -- POSIX shm allows jails to access global namespace

Problem Description:

Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system.

Impact:

A malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid.

This issue could lead to a Denial of Service or local privilege escalation.

Discovery 2017-11-15
Entry 2017-12-06
FreeBSD-kernel

ge 10.4 lt 10.4_3

ge 10.3 lt 10.3_24

CVE-2017-1087
SA-17:09.shm