Description
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101867
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039810
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
freebsd/freebsd
FreeBSD/FreeBSD
FreeBSD 10.x
Published
Nov 16, 2017
Tracked Since
Feb 18, 2026