FreeBSD : dbus -- incomplete fix for CVE-2014-3636 part A (c1930f45-6982-11e4-80e1-bcaec565249c)
Low Nessus Plugin ID 79197
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSimon McVittie reports :
The patch issued by the D-Bus maintainers for CVE-2014-3636 was based on incorrect reasoning, and does not fully prevent the attack described as 'CVE-2014-3636 part A', which is repeated below.
Preventing that attack requires raising the system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher value. CVE-2014-7824 has been allocated for this vulnerability.
SolutionUpdate the affected package.