This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Simon McVittie reports :
Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun (CVE-2014-3635).
Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit (CVE-2014-3636).
Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to 150
seconds), removing the possibility of creating an abusive connection
that cannot be disconnected by setting up a circular reference to a
connection's file descriptor (CVE-2014-3637).
Reduce default for maximum pending replies per connection from 8192 to
128, mitigating an algorithmic complexity denial-of-service attack
Reduce default for authentication timeout on the system bus from 30
seconds to 5 seconds, avoiding denial of service by using up all
unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them (CVE-2014-3639).
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 4.4