← voltar
CVE-2017-1087

CVE-2017-1087

EPSS 0.4%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
16 nov 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
Produtos afetados
FreeBSD · FreeBSD

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.aschttp://www.securityfocus.com/bid/101867http://www.securitytracker.com/id/1039810