Detections
Analytics

FreeBSD : FreeBSD -- blocklistd(8) socket leak (8d8012e5-0705-11f1-8148-bc241121aa0a)

high Nessus Plugin ID 298643

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8d8012e5-0705-11f1-8148-bc241121aa0a advisory.

 Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives.
 Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes before it is able to exec the helper. At this point, blocklistd still records adverse events but is unable to block new addresses or unblock addresses whose database entries have expired.
 Once a second, much higher number of leaked sockets is reached, blocklistd becomes unable to receive new adverse event reports.
 An attacker may take advantage of this by triggering a large number of adverse events from sacrificial IP addresses to effectively disable blocklistd before launching an attack.
 Even in the absence of attacks or probes by would-be attackers, adverse events will occur regularly in the course of normal operations, and blocklistd will gradually run out file descriptors and become ineffective.
 The accumulation of open sockets may have knock-on effects on other parts of the system, resulting in a general slowdown until blocklistd is restarted.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5e6c3ecf

Plugin Details

Severity: High

ID: 298643

File Name: freebsd_pkg_8d8012e5070511f18148bc241121aa0a.nasl

Version: 1.1

Type: local

Published: 2/11/2026

Updated: 2/11/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd

Required KB Items: Settings/ParanoidReport, Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2026

Vulnerability Publication Date: 2/11/2026

Reference Information

CVE: CVE-2026-2261