FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dbus -- multiple vulnerabilities

Affected packages
dbus < 1.8.8

Details

VuXML ID 38242d51-3e58-11e4-ac2f-bcaec565249c
Discovery 2014-09-16
Entry 2014-09-17

Simon McVittie reports:

Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun (CVE-2014-3635).

Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus' file descriptors under Linux's default rlimit (CVE-2014-3636).

Disconnect connections that still have a fd pending unmarshalling after a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), removing the possibility of creating an abusive connection that cannot be disconnected by setting up a circular reference to a connection's file descriptor (CVE-2014-3637).

Reduce default for maximum pending replies per connection from 8192 to 128, mitigating an algorithmic complexity denial-of-service attack (CVE-2014-3638).

Reduce default for authentication timeout on the system bus from 30 seconds to 5 seconds, avoiding denial of service by using up all unauthenticated connection slots; and when all unauthenticated connection slots are used up, make new connection attempts block instead of disconnecting them (CVE-2014-3639).

References

CVE Name CVE-2014-3635
CVE Name CVE-2014-3636
CVE Name CVE-2014-3637
CVE Name CVE-2014-3638
CVE Name CVE-2014-3639
URL http://lists.freedesktop.org/archives/dbus/2014-September/016343.html