CVE-2017-3144: Failure to properly clean up closed OMAPI connections can exhaust available sockets
First published: Wed Dec 06 2017(Updated: )
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/isc-dhcp | <=4.2.2.dfsg.1-5+deb70u8<=4.3.1-6 | 4.3.5-3.1 4.3.5-3+deb9u1 4.3.1-6+deb8u3 |
| debian/isc-dhcp | 4.4.1-2.3+deb11u2 4.4.1-2.3+deb11u1 4.4.3-P1-2 4.4.3-P1-5 | |
| ISC DHCP | >=4.2.0<=4.2.8 | |
| ISC DHCP | >=4.3.0<=4.3.6 | |
| ISC DHCP | =4.1-esv | |
| ISC DHCP | =4.1-esv-r1 | |
| ISC DHCP | =4.1-esv-r10 | |
| ISC DHCP | =4.1-esv-r10_b1 | |
| ISC DHCP | =4.1-esv-r10_rc1 | |
| ISC DHCP | =4.1-esv-r11 | |
| ISC DHCP | =4.1-esv-r11_b1 | |
| ISC DHCP | =4.1-esv-r11_rc1 | |
| ISC DHCP | =4.1-esv-r11_rc2 | |
| ISC DHCP | =4.1-esv-r12 | |
| ISC DHCP | =4.1-esv-r12_b1 | |
| ISC DHCP | =4.1-esv-r12_p1 | |
| ISC DHCP | =4.1-esv-r13 | |
| ISC DHCP | =4.1-esv-r13_b1 | |
| ISC DHCP | =4.1-esv-r14 | |
| ISC DHCP | =4.1-esv-r14_b1 | |
| ISC DHCP | =4.1-esv-r15 | |
| ISC DHCP | =4.1-esv-r2 | |
| ISC DHCP | =4.1-esv-r3 | |
| ISC DHCP | =4.1-esv-r3_b1 | |
| ISC DHCP | =4.1-esv-r4 | |
| ISC DHCP | =4.1-esv-r5 | |
| ISC DHCP | =4.1-esv-r5_b1 | |
| ISC DHCP | =4.1-esv-r5_rc1 | |
| ISC DHCP | =4.1-esv-r5_rc2 | |
| ISC DHCP | =4.1-esv-r6 | |
| ISC DHCP | =4.1-esv-r7 | |
| ISC DHCP | =4.1-esv-r8 | |
| ISC DHCP | =4.1-esv-r8_b1 | |
| ISC DHCP | =4.1-esv-r8_rc1 | |
| ISC DHCP | =4.1-esv-r9 | |
| ISC DHCP | =4.1-esv-r9_b1 | |
| ISC DHCP | =4.1-esv-r9_rc1 | |
| ISC DHCP | =4.1.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.5 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Server | =7.4 | |
| Red Hat Enterprise Linux Server | =7.6 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Ubuntu | =17.10 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/102726
- http://www.securitytracker.com/id/1040194
- https://access.redhat.com/errata/RHSA-2018:0158
- https://kb.isc.org/docs/aa-01541
- https://usn.ubuntu.com/3586-1/
- https://www.debian.org/security/2018/dsa-4133
- https://security-tracker.debian.org/tracker/CVE-2017-3144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
- https://bugzilla.redhat.com/show_bug.cgi?id=1522918
- https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
- https://wiki.debian.org/LTS/Development
- https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/dla-needed.txt
- https://security-tracker.debian.org/tracker/CVE-2018-5733
- https://security-tracker.debian.org/tracker/CVE-2018-5732
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887413
- https://launchpad.net/bugs/cve/CVE-2017-3144
- https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1523547
- https://kb.isc.org/article/AA-01541
- https://bugs.isc.org/Public/Bug/Display.html?id=46767
- https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894
- https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
- https://nvd.nist.gov/vuln/detail/CVE-2017-3144
- https://ubuntu.com/security/CVE-2017-3144
Frequently Asked Questions
What is the severity of CVE-2017-3144?
CVE-2017-3144 is classified as a medium severity vulnerability due to its potential to exhaust socket descriptors.
How do I fix CVE-2017-3144?
To mitigate CVE-2017-3144, upgrade ISC DHCP to version 4.4 or later or apply vendor patches as specified.
What systems are affected by CVE-2017-3144?
CVE-2017-3144 affects ISC DHCP versions 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, and 4.3.0 to 4.3.6.
What causes CVE-2017-3144?
CVE-2017-3144 is caused by the failure to properly clean up closed OMAPI connections, leading to resource exhaustion.
Can older versions of ISC DHCP be impacted by CVE-2017-3144?
Yes, older versions of ISC DHCP may also be vulnerable to CVE-2017-3144, although they are not explicitly listed.
- collector/debian-bugs
- alias/CVE-2017-3144
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- agent/remedy
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/title
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/tags
- collector/nvd-index
- agent/softwarecombine
- package-manager/debian
- vendor/isc
- canonical/isc dhcp
- version/isc dhcp/4.2.0
- version/isc dhcp/4.2.8
- version/isc dhcp/4.3.0
- version/isc dhcp/4.3.6
- version/isc dhcp/4.1-esv
- version/isc dhcp/4.1-esv-r1
- version/isc dhcp/4.1-esv-r10
- version/isc dhcp/4.1-esv-r10_b1
- version/isc dhcp/4.1-esv-r10_rc1
- version/isc dhcp/4.1-esv-r11
- version/isc dhcp/4.1-esv-r11_b1
- version/isc dhcp/4.1-esv-r11_rc1
- version/isc dhcp/4.1-esv-r11_rc2
- version/isc dhcp/4.1-esv-r12
- version/isc dhcp/4.1-esv-r12_b1
- version/isc dhcp/4.1-esv-r12_p1
- version/isc dhcp/4.1-esv-r13
- version/isc dhcp/4.1-esv-r13_b1
- version/isc dhcp/4.1-esv-r14
- version/isc dhcp/4.1-esv-r14_b1
- version/isc dhcp/4.1-esv-r15
- version/isc dhcp/4.1-esv-r2
- version/isc dhcp/4.1-esv-r3
- version/isc dhcp/4.1-esv-r3_b1
- version/isc dhcp/4.1-esv-r4
- version/isc dhcp/4.1-esv-r5
- version/isc dhcp/4.1-esv-r5_b1
- version/isc dhcp/4.1-esv-r5_rc1
- version/isc dhcp/4.1-esv-r5_rc2
- version/isc dhcp/4.1-esv-r6
- version/isc dhcp/4.1-esv-r7
- version/isc dhcp/4.1-esv-r8
- version/isc dhcp/4.1-esv-r8_b1
- version/isc dhcp/4.1-esv-r8_rc1
- version/isc dhcp/4.1-esv-r9
- version/isc dhcp/4.1-esv-r9_b1
- version/isc dhcp/4.1-esv-r9_rc1
- version/isc dhcp/4.1.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/7.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- version/red hat enterprise linux server/7.4
- version/red hat enterprise linux server/7.6
- version/red hat enterprise linux server/7.5
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/7.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/16.04
- version/ubuntu/17.10
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0