FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Simon McVittie reports :

Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun (CVE-2014-3635).

Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit (CVE-2014-3636).

Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to 150
seconds), removing the possibility of creating an abusive connection
that cannot be disconnected by setting up a circular reference to a
connection's file descriptor (CVE-2014-3637).

Reduce default for maximum pending replies per connection from 8192 to
128, mitigating an algorithmic complexity denial-of-service attack
(CVE-2014-3638).

Reduce default for authentication timeout on the system bus from 30
seconds to 5 seconds, avoiding denial of service by using up all
unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them (CVE-2014-3639).

See also :

http://lists.freedesktop.org/archives/dbus/2014-September/016343.html
http://www.nessus.org/u?3bf7eb3d

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 77733 ()

Bugtraq ID:

CVE ID: CVE-2014-3635
CVE-2014-3636
CVE-2014-3637
CVE-2014-3638
CVE-2014-3639

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now