USN-3538-1 openssh vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...

FreeBSD : FreeBSD -- POSIX shm allows jails to access global namespace (5b1463dd-dab3-11e7-b5af-a4badb2f4699)

Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact : A malicious user that has access to a jailed system is able to abuse shared memory by injecting...

FreeBSD 10.3 / 10.4 : shm Insecure Memory Vulnerability (FreeBSD-SA-17:09.shm)

The version of the FreeBSD kernel running on the remote host is prior to 10.3-RELEASE-p24, or 10.4 prior to 10.4-RELEASE-p3. It is, therefore, affected by a potential information disclosure vulnerabilities in shm. An authenticated, remote attacker can exploit this issue by accessing the shared...

DEBIAN-CVE-2017-1000405

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmdmkdirty in the touchpmd function inside the THP implementation. touchpmd can be reached by getuserpages. In such case, the pmd will become dirty. This scenario breaks the new canfollowwritepmd's logic - pmd can become dirt...

UBUNTU-CVE-2017-1000405

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmdmkdirty in the touchpmd function inside the THP implementation. touchpmd can be reached by getuserpages. In such case, the pmd will become dirty. This scenario breaks the new canfollowwritepmd's logic - pmd can become dirt...

IBM WebSphere MQ Memory Disclosure Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A memory leak vulnerability exists in IBM WebSphere MQ versions 8.0 and 9.0. An attacker could exploit the vulnerabili...

CVE-2017-1283

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...

CVE-2017-1283

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...

Memory corruption

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...

CVE-2017-1283

IBM WebSphere MQ 8.0 and 9.0 is affected by CVE-2017-1283 due to a shared memory leak caused by MQ applications using dynamic queues. An authenticated user can trigger the leak, potentially exhausting resources for other MQ applications. Affected versions include IBM MQ 8.0.0.0–8.0.0.6 and 9.0.0....

CVE-2017-1283

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...

CVE-2017-1087

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...

Privilege escalation

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...

CVE-2017-1087

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...

CVE-2017-1087

Removed by vendor...

CVE-2017-1087

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...

CVE-2017-1087

CVE-2017-1087 affects FreeBSD 10.x where named POSIX shared memory objects are globally scoped across jails and host. According to sources, a process in one jail can read/modify shared memory created by another jail or host, enabling malicious content injection into memory regions trusted by appl...

FreeBSD-SA-17:09.shm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:09.shm Security Advisory The FreeBSD Project Topic: POSIX shm allows jails to access global namespace Category: core Module: shm Announced: 2017-11-15...

FreeBSD -- POSIX shm allows jails to access global namespace

Problem Description: Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact: A malicious user that has access to a jailed system is able to abuse shared...

Ubuntu 14.04 LTS / 16.04 LTS : X.Org X server vulnerabilities (USN-3453-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3453-1 advisory. Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either...