What is the severity of CVE-2017-3144?

CVE-2017-3144 is classified as a medium severity vulnerability due to its potential to exhaust socket descriptors.

How do I fix CVE-2017-3144?

To mitigate CVE-2017-3144, upgrade ISC DHCP to version 4.4 or later or apply vendor patches as specified.

What systems are affected by CVE-2017-3144?

CVE-2017-3144 affects ISC DHCP versions 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, and 4.3.0 to 4.3.6.

Can older versions of ISC DHCP be impacted by CVE-2017-3144?

Yes, older versions of ISC DHCP may also be vulnerable to CVE-2017-3144, although they are not explicitly listed.

Vulnerability/
CVE-2017-3144

high

7.5

CWE

400

6/12/2017

16/1/2019

16/9/2024

CVE-2017-3144: Failure to properly clean up closed OMAPI connections can exhaust available sockets

Q: What causes CVE-2017-3144?

CVE-2017-3144 is caused by the failure to properly clean up closed OMAPI connections, leading to resource exhaustion.

First published: Wed Dec 06 2017(Updated: )

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Credit: security-officer@isc.org

Affected Software	Affected Version	How to fix
debian/isc-dhcp	<=4.2.2.dfsg.1-5+deb70u8<=4.3.1-6	4.3.5-3.1 4.3.5-3+deb9u1 4.3.1-6+deb8u3
debian/isc-dhcp		4.4.1-2.3+deb11u2 4.4.1-2.3+deb11u1 4.4.3-P1-2 4.4.3-P1-5
ISC DHCP Server	>=4.2.0<=4.2.8
ISC DHCP Server	>=4.3.0<=4.3.6
ISC DHCP Server	=4.1-esv
ISC DHCP Server	=4.1-esv-r1
ISC DHCP Server	=4.1-esv-r10
ISC DHCP Server	=4.1-esv-r10_b1
ISC DHCP Server	=4.1-esv-r10_rc1
ISC DHCP Server	=4.1-esv-r11
ISC DHCP Server	=4.1-esv-r11_b1
ISC DHCP Server	=4.1-esv-r11_rc1
ISC DHCP Server	=4.1-esv-r11_rc2
ISC DHCP Server	=4.1-esv-r12
ISC DHCP Server	=4.1-esv-r12_b1
ISC DHCP Server	=4.1-esv-r12_p1
ISC DHCP Server	=4.1-esv-r13
ISC DHCP Server	=4.1-esv-r13_b1
ISC DHCP Server	=4.1-esv-r14
ISC DHCP Server	=4.1-esv-r14_b1
ISC DHCP Server	=4.1-esv-r15
ISC DHCP Server	=4.1-esv-r2
ISC DHCP Server	=4.1-esv-r3
ISC DHCP Server	=4.1-esv-r3_b1
ISC DHCP Server	=4.1-esv-r4
ISC DHCP Server	=4.1-esv-r5
ISC DHCP Server	=4.1-esv-r5_b1
ISC DHCP Server	=4.1-esv-r5_rc1
ISC DHCP Server	=4.1-esv-r5_rc2
ISC DHCP Server	=4.1-esv-r6
ISC DHCP Server	=4.1-esv-r7
ISC DHCP Server	=4.1-esv-r8
ISC DHCP Server	=4.1-esv-r8_b1
ISC DHCP Server	=4.1-esv-r8_rc1
ISC DHCP Server	=4.1-esv-r9
ISC DHCP Server	=4.1-esv-r9_b1
ISC DHCP Server	=4.1-esv-r9_rc1
ISC DHCP Server	=4.1.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=7.4
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server eus	=7.4
redhat enterprise Linux server eus	=7.5
redhat enterprise Linux server eus	=7.6
redhat enterprise Linux server tus	=7.4
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux workstation	=7.0
Ubuntu Linux	=14.04
Ubuntu Linux	=16.04
Ubuntu Linux	=17.10
Debian GNU/Linux	=8.0
Debian GNU/Linux	=9.0

Remedy

https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3144?
CVE-2017-3144 is classified as a medium severity vulnerability due to its potential to exhaust socket descriptors.
How do I fix CVE-2017-3144?
To mitigate CVE-2017-3144, upgrade ISC DHCP to version 4.4 or later or apply vendor patches as specified.
What systems are affected by CVE-2017-3144?
CVE-2017-3144 affects ISC DHCP versions 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, and 4.3.0 to 4.3.6.
What causes CVE-2017-3144?
CVE-2017-3144 is caused by the failure to properly clean up closed OMAPI connections, leading to resource exhaustion.
Can older versions of ISC DHCP be impacted by CVE-2017-3144?
Yes, older versions of ISC DHCP may also be vulnerable to CVE-2017-3144, although they are not explicitly listed.

collector/debian-bugs
alias/CVE-2017-3144
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
agent/remedy
agent/weakness
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/title
agent/severity
collector/usn-cve
source/Ubuntu
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
package-manager/debian
vendor/isc
canonical/isc dhcp server
version/isc dhcp server/4.2.0
version/isc dhcp server/4.2.8
version/isc dhcp server/4.3.0
version/isc dhcp server/4.3.6
version/isc dhcp server/4.1-esv
version/isc dhcp server/4.1-esv-r1
version/isc dhcp server/4.1-esv-r10
version/isc dhcp server/4.1-esv-r10_b1
version/isc dhcp server/4.1-esv-r10_rc1
version/isc dhcp server/4.1-esv-r11
version/isc dhcp server/4.1-esv-r11_b1
version/isc dhcp server/4.1-esv-r11_rc1
version/isc dhcp server/4.1-esv-r11_rc2
version/isc dhcp server/4.1-esv-r12
version/isc dhcp server/4.1-esv-r12_b1
version/isc dhcp server/4.1-esv-r12_p1
version/isc dhcp server/4.1-esv-r13
version/isc dhcp server/4.1-esv-r13_b1
version/isc dhcp server/4.1-esv-r14
version/isc dhcp server/4.1-esv-r14_b1
version/isc dhcp server/4.1-esv-r15
version/isc dhcp server/4.1-esv-r2
version/isc dhcp server/4.1-esv-r3
version/isc dhcp server/4.1-esv-r3_b1
version/isc dhcp server/4.1-esv-r4
version/isc dhcp server/4.1-esv-r5
version/isc dhcp server/4.1-esv-r5_b1
version/isc dhcp server/4.1-esv-r5_rc1
version/isc dhcp server/4.1-esv-r5_rc2
version/isc dhcp server/4.1-esv-r6
version/isc dhcp server/4.1-esv-r7
version/isc dhcp server/4.1-esv-r8
version/isc dhcp server/4.1-esv-r8_b1
version/isc dhcp server/4.1-esv-r8_rc1
version/isc dhcp server/4.1-esv-r9
version/isc dhcp server/4.1-esv-r9_b1
version/isc dhcp server/4.1-esv-r9_rc1
version/isc dhcp server/4.1.0
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.4
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
vendor/canonical
canonical/ubuntu linux
version/ubuntu linux/14.04
version/ubuntu linux/16.04
version/ubuntu linux/17.10
vendor/debian
canonical/debian gnu/linux
version/debian gnu/linux/8.0
version/debian gnu/linux/9.0

CVE-2017-3144: Failure to properly clean up closed OMAPI connections can exhaust available sockets

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3144?

How do I fix CVE-2017-3144?

What systems are affected by CVE-2017-3144?

What causes CVE-2017-3144?

Can older versions of ISC DHCP be impacted by CVE-2017-3144?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-3144?

How do I fix CVE-2017-3144?

What systems are affected by CVE-2017-3144?

What causes CVE-2017-3144?

Can older versions of ISC DHCP be impacted by CVE-2017-3144?