7.5
CWE
400
Advisory Published
CVE Published
Updated

CVE-2017-3144: Failure to properly clean up closed OMAPI connections can exhaust available sockets

First published: Wed Dec 06 2017(Updated: )

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Credit: security-officer@isc.org security-officer@isc.org

Affected SoftwareAffected VersionHow to fix
ISC DHCP>=4.2.0<=4.2.8
ISC DHCP>=4.3.0<=4.3.6
ISC DHCP=4.1-esv
ISC DHCP=4.1-esv-r1
ISC DHCP=4.1-esv-r10
ISC DHCP=4.1-esv-r10_b1
ISC DHCP=4.1-esv-r10_rc1
ISC DHCP=4.1-esv-r11
ISC DHCP=4.1-esv-r11_b1
ISC DHCP=4.1-esv-r11_rc1
ISC DHCP=4.1-esv-r11_rc2
ISC DHCP=4.1-esv-r12
ISC DHCP=4.1-esv-r12_b1
ISC DHCP=4.1-esv-r12_p1
ISC DHCP=4.1-esv-r13
ISC DHCP=4.1-esv-r13_b1
ISC DHCP=4.1-esv-r14
ISC DHCP=4.1-esv-r14_b1
ISC DHCP=4.1-esv-r15
ISC DHCP=4.1-esv-r2
ISC DHCP=4.1-esv-r3
ISC DHCP=4.1-esv-r3_b1
ISC DHCP=4.1-esv-r4
ISC DHCP=4.1-esv-r5
ISC DHCP=4.1-esv-r5_b1
ISC DHCP=4.1-esv-r5_rc1
ISC DHCP=4.1-esv-r5_rc2
ISC DHCP=4.1-esv-r6
ISC DHCP=4.1-esv-r7
ISC DHCP=4.1-esv-r8
ISC DHCP=4.1-esv-r8_b1
ISC DHCP=4.1-esv-r8_rc1
ISC DHCP=4.1-esv-r9
ISC DHCP=4.1-esv-r9_b1
ISC DHCP=4.1-esv-r9_rc1
ISC DHCP=4.1.0
Redhat Enterprise Linux Desktop=7.0
Redhat Enterprise Linux Server=7.0
Redhat Enterprise Linux Server Aus=7.4
Redhat Enterprise Linux Server Aus=7.6
Redhat Enterprise Linux Server Eus=7.4
Redhat Enterprise Linux Server Eus=7.5
Redhat Enterprise Linux Server Eus=7.6
Redhat Enterprise Linux Server Tus=7.4
Redhat Enterprise Linux Server Tus=7.6
Redhat Enterprise Linux Workstation=7.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=17.10
Debian Debian Linux=8.0
Debian Debian Linux=9.0
debian/isc-dhcp<=4.2.2.dfsg.1-5+deb70u8<=4.3.1-6
4.3.5-3.1
4.3.5-3+deb9u1
4.3.1-6+deb8u3
debian/isc-dhcp
4.4.1-2.3+deb11u2
4.4.1-2.3+deb11u1
4.4.3-P1-2
4.4.3-P1-5

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203