FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Simon McVittie reports :

The patch issued by the D-Bus maintainers for CVE-2014-3636 was based
on incorrect reasoning, and does not fully prevent the attack
described as 'CVE-2014-3636 part A', which is repeated below.
Preventing that attack requires raising the system dbus-daemon's
RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been
allocated for this vulnerability.

See also :

http://lists.freedesktop.org/archives/dbus/2014-November/016395.html
http://www.nessus.org/u?ab677b1e

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 79197 ()

Bugtraq ID:

CVE ID: CVE-2014-7824

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now