Detections
Analytics

FreeBSD : FreeBSD -- routed(8) remote denial of service vulnerability (734233f4-6007-11e6-a6c3-14dae9d210b8)

medium Nessus Plugin ID 92909

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The input path in routed(8) will accept queries from any source and attempt to answer them. However, the output path assumes that the destination address for the response is on a directly connected network. Impact : Upon receipt of a query from a source which is not on a directly connected network, routed(8) will trigger an assertion and terminate. The affected system's routing table will no longer be updated. If the affected system is a router, its routes will eventually expire from other routers' routing tables, and its networks will no longer be reachable unless they are also connected to another router.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?b1df2075

Plugin Details

Severity: Medium

ID: 92909

File Name: freebsd_pkg_734233f4600711e6a6c314dae9d210b8.nasl

Version: 2.4

Type: local

Published: 8/12/2016

Updated: 1/4/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2016

Vulnerability Publication Date: 10/21/2014

Reference Information

CVE: CVE-2014-3955

BID: 70693

FreeBSD: SA-14:21.routed