CVE-2017-3144

Name: CVE-2017-3144
Description: A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4133-1
NVD severity: medium (attack range: remote)
Debian Bugs: 887413

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| isc-dhcp (PTS) | jessie (security), jessie | 4.3.1-6+deb8u3 | fixed |
| isc-dhcp | stretch (security), stretch | 4.3.5-3+deb9u1 | fixed |
| isc-dhcp | buster, sid | 4.4.1-2 | fixed |

The information below is based on the following data on fixed versions.

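| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| isc-dhcp | source | (unstable) | 4.3.5-3.1 | medium | | 887413 |
| isc-dhcp | source | jessie | 4.3.1-6+deb8u3 | medium | DSA-4133-1 | |
| isc-dhcp | source | stretch | 4.3.5-3+deb9u1 | medium | DSA-4133-1 | |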

Notes

[wheezy] - isc-dhcp <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1522918
https://bugs.isc.org/Public/Bug/Display.html?id=46767
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
