CVE-2017-1087

7.8 HIGH
Published: November 16, 2017 Modified: May 13, 2026

Description

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user who has access to a jailed system is able to abuse shared memory by injecting malicious content into the shared memory region. This memory region might be executed by applications that trust the shared memory, such as Squid. This issue could lead to a Denial of Service or local privilege escalation.

CVSS v3.x Details

Vector String
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

http://www.securityfocus.com/bid/101867
Source: secteam@freebsd.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039810
Source: secteam@freebsd.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101867
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039810
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

6 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.8 / 10.0
EPSS (Exploit Probability)
0.1%
16th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

freebsd