FreeBSD Bugzilla – Attachment 188553 Details for
Bug 224106
security/vuxml missing FreeBSD SA entries
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
entry for SA-17:09.shm
vuln_SA-17:09.shm.xml (text/plain), 1.17 KB, created by
Miroslav Lachman
on 2017-12-05 14:53:01 UTC
(
hide
)
Description:
entry for SA-17:09.shm
Filename:
MIME Type:
Creator:
Miroslav Lachman
Created:
2017-12-05 14:53:01 UTC
Size:
1.17 KB
patch
obsolete
> > <vuln vid="60a8ea44-d9cb-11e7-8804-f8b156ac3ff9"> > <topic>POSIX shm allows jails to access global namespace</topic> > <affects> > <package> > <name>FreeBSD</name> > <range><ge>10.4</ge><lt>10.4_3</lt></range> > <range><ge>10.3</ge><lt>10.3_24</lt></range> > </package> > </affects> > <description> > <body xmlns="http://www.w3.org/1999/xhtml"> > <h1>Problem Description:</h1> > <p>Named paths are globally scoped, meaning a process located > in one jail can read and modify the content of POSIX shared > memory objects created by a process in another jail or the host > system.</p> > <h1>Impact:</h1> > <p>A malicious user that has access to a jailed system > is able to abuse shared memory by injecting malicious content > in the shared memory region. This memory region might > be executed by applications trusting the shared memory, > like Squid.</p> > </body> > </description> > <references> > <cvename>CVE-2017-1087</cvename> > <freebsdsa>SA-17:09.shm</freebsdsa> > </references> > <dates> > <discovery>2017-11-13</discovery> > <entry>2017-12-05</entry> > </dates> > </vuln>
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 224106
:
188542
|
188552
| 188553 |
188554
|
188555