CVE-2017-3144

MEDIUM5.3

High EPSS

Description

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

ISC / ISC DHCPISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. – ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

References

VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:0158
VENDOR_ADVISORYhttps://www.debian.org/security/2018/dsa-4133
MISChttp://www.securityfocus.com/bid/102726
MISChttp://www.securitytracker.com/id/1040194
VENDOR_ADVISORYhttps://usn.ubuntu.com/3586-1/
MISChttps://kb.isc.org/docs/aa-01541