FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- POSIX shm allows jails to access global namespace

Affected packages
10.4 <= FreeBSD-kernel < 10.4_3
10.3 <= FreeBSD-kernel < 10.3_24


VuXML ID 5b1463dd-dab3-11e7-b5af-a4badb2f4699
Discovery 2017-11-15
Entry 2017-12-06

Problem Description:

Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system.


A malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid.

This issue could lead to a Denial of Service or local privilege escalation.


CVE Name CVE-2017-1087
FreeBSD Advisory SA-17:09.shm