CVE-2017-3144
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | ISC DHCP | ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. | affected |
Weaknesses
- By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.
Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Workarounds
The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation).
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2018:0158
- https://www.debian.org/security/2018/dsa-4133
- http://www.securityfocus.com/bid/102726
- http://www.securitytracker.com/id/1040194
- https://usn.ubuntu.com/3586-1/
- https://kb.isc.org/docs/aa-01541
References
- https://access.redhat.com/errata/RHSA-2018:0158
- https://www.debian.org/security/2018/dsa-4133
- http://www.securityfocus.com/bid/102726
- http://www.securitytracker.com/id/1040194
- https://usn.ubuntu.com/3586-1/
- https://kb.isc.org/docs/aa-01541
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.