CVE-2017-3144

Name: CVE-2017-3144
Description: A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4133-1
NVD severity: medium
Debian Bugs: 887413

Vulnerable and fixed packages

The table below lists information on source packages.

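| Source Package | Release | Version | Status |
|---|---|---|---|
| isc-dhcp (PTS) | stretch | 4.3.5-3+deb9u1 | fixed |
| isc-dhcp | stretch (security) | 4.3.5-3+deb9u2 | fixed |
| isc-dhcp | buster | 4.4.1-2+deb10u1 | fixed |
| isc-dhcp | bookworm, sid, bullseye | 4.4.1-2.3 | fixed |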

The information below is based on the following data on fixed versions.

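| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| isc-dhcp | source | jessie | 4.3.1-6+deb8u3 | | DSA-4133-1 | |
| isc-dhcp | source | stretch | 4.3.5-3+deb9u1 | | DSA-4133-1 | |
| isc-dhcp | source | (unstable) | 4.3.5-3.1 | | | 887413 |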

Notes

[wheezy] - isc-dhcp <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1522918
https://bugs.isc.org/Public/Bug/Display.html?id=46767
https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894
Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
