Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2017-3144
PUBLISHED
More InfoOfficial Page
Assigner-isc
Assigner Org ID-404fd4d2-a609-4245-b543-2c944a302a22
View Known Exploited Vulnerability (KEV) details
Published At-16 Jan, 2019 | 20:00
Updated At-16 Sep, 2024 | 22:46
Rejected At-
▼CVE Numbering Authority (CNA)
Failure to properly clean up closed OMAPI connections can exhaust available sockets

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

Affected Products
Vendor
Internet Systems Consortium, Inc.ISC
Product
ISC DHCP
Versions
Affected
  • ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Problem Types
TypeCWE IDDescription
textN/ABy intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server. Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Type: text
CWE ID: N/A
Description: By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server. Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Metrics
VersionBase scoreBase severityVector
3.05.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation).

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:0158
vendor-advisory
x_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4133
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/bid/102726
vdb-entry
x_refsource_BID
http://www.securitytracker.com/id/1040194
vdb-entry
x_refsource_SECTRACK
https://usn.ubuntu.com/3586-1/
vendor-advisory
x_refsource_UBUNTU
https://kb.isc.org/docs/aa-01541
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0158
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.debian.org/security/2018/dsa-4133
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/102726
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1040194
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://usn.ubuntu.com/3586-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://kb.isc.org/docs/aa-01541
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2018:0158
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.debian.org/security/2018/dsa-4133
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/bid/102726
vdb-entry
x_refsource_BID
x_transferred
http://www.securitytracker.com/id/1040194
vdb-entry
x_refsource_SECTRACK
x_transferred
https://usn.ubuntu.com/3586-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://kb.isc.org/docs/aa-01541
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2018:0158
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.debian.org/security/2018/dsa-4133
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/102726
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1040194
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://usn.ubuntu.com/3586-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://kb.isc.org/docs/aa-01541
Resource:
x_refsource_CONFIRM
x_transferred
Details not found