CVE-2017-1087 - OpenCVE

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/101867	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039810	Third Party Advisory VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: freebsd

Published: 2017-11-15T00:00:00

Updated: 2017-11-17T10:57:01

Reserved: 2016-11-30T00:00:00

Link: CVE-2017-1087

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-16T20:29:00.237

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-1087

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "FreeBSD", "vendor": "FreeBSD", "versions": [{"status": "affected", "version": "FreeBSD 10.x"}]}], "datePublic": "2017-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "Privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T10:57:01", "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "shortName": "freebsd"}, "references": [{"name": "101867", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101867"}, {"name": "1039810", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039810"}, {"name": "FreeBSD-SA-17:09", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secteam@freebsd.org", "DATE_PUBLIC": "2017-11-15T00:00:00", "ID": "CVE-2017-1087", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FreeBSD", "version": {"version_data": [{"version_value": "FreeBSD 10.x"}]}}]}, "vendor_name": "FreeBSD"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Privilege escalation"}]}]}, "references": {"reference_data": [{"name": "101867", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101867"}, {"name": "1039810", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039810"}, {"name": "FreeBSD-SA-17:09", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"}]}}}}, "cveMetadata": {"assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109", "assignerShortName": "freebsd", "cveId": "CVE-2017-1087", "datePublished": "2017-11-15T00:00:00", "dateReserved": "2016-11-30T00:00:00", "dateUpdated": "2017-11-17T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation."}, {"lang": "es", "value": "En FreeBSD en versiones 10.x anteriores a 10.4-STABLE, 10.4-RELEASE-p3 y 10.3-RELEASE-p24, las rutas nombradas tienen alcance global, lo que significa que un proceso localizado en una jaula puede leer y modificar el contenido de los objetos de la memoria compartida de POSIX creados por un proceso en otra jaula o el sistema host. Como resultado, un usuario malicioso que tenga acceso al sistema enjaulado puede vulnerar la memoria compartida inyectando contenidos maliciosos en la regi\u00f3n de memoria compartida. Esta regi\u00f3n de memoria podr\u00eda ser ejecutada por aplicaciones que conf\u00eden en la memoria compartida, como Squid. Este problema podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) o un escalado de privilegios locales."}], "id": "CVE-2017-1087", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-16T20:29:00.237", "references": [{"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101867"}, {"source": "secteam@freebsd.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039810"}, {"source": "secteam@freebsd.org", "tags": ["Vendor Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc"}], "sourceIdentifier": "secteam@freebsd.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}