Detections
Analytics

FreeBSD : dbus -- multiple vulnerabilities (38242d51-3e58-11e4-ac2f-bcaec565249c)

medium Nessus Plugin ID 77733

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Simon McVittie reports :

Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun (CVE-2014-3635).

Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus' file descriptors under Linux's default rlimit (CVE-2014-3636).

Disconnect connections that still have a fd pending unmarshalling after a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), removing the possibility of creating an abusive connection that cannot be disconnected by setting up a circular reference to a connection's file descriptor (CVE-2014-3637).

Reduce default for maximum pending replies per connection from 8192 to 128, mitigating an algorithmic complexity denial-of-service attack (CVE-2014-3638).

Reduce default for authentication timeout on the system bus from 30 seconds to 5 seconds, avoiding denial of service by using up all unauthenticated connection slots; and when all unauthenticated connection slots are used up, make new connection attempts block instead of disconnecting them (CVE-2014-3639).

Solution

Update the affected package.

See Also

https://lists.freedesktop.org/archives/dbus/2014-September/016343.html

http://www.nessus.org/u?e22fca01

Plugin Details

Severity: Medium

ID: 77733

File Name: freebsd_pkg_38242d513e5811e4ac2fbcaec565249c.nasl

Version: 1.8

Type: local

Published: 9/18/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:dbus, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/17/2014

Vulnerability Publication Date: 9/16/2014

Reference Information

CVE: CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639