dbus -- multiple vulnerabilities

ID 38242D51-3E58-11E4-AC2F-BCAEC565249C
Type freebsd
Reporter FreeBSD
Modified 2014-09-16T00:00:00


Simon McVittie reports:

Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun (CVE-2014-3635). Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus' file descriptors under Linux's default rlimit (CVE-2014-3636). Disconnect connections that still have a fd pending unmarshalling after a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), removing the possibility of creating an abusive connection that cannot be disconnected by setting up a circular reference to a connection's file descriptor (CVE-2014-3637). Reduce default for maximum pending replies per connection from 8192 to 128, mitigating an algorithmic complexity denial-of-service attack (CVE-2014-3638). Reduce default for authentication timeout on the system bus from 30 seconds to 5 seconds, avoiding denial of service by using up all unauthenticated connection slots; and when all unauthenticated connection slots are used up, make new connection attempts block instead of disconnecting them (CVE-2014-3639).