{"containers": {"cna": {"affected": [{"product": "ISC DHCP", "vendor": "ISC", "versions": [{"status": "affected", "version": "ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."}]}], "datePublic": "2018-01-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-17T10:57:01.000Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"name": "RHSA-2018:0158", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0158"}, {"name": "DSA-4133", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4133"}, {"name": "102726", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102726"}, {"name": "1040194", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040194"}, {"name": "USN-3586-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3586-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/aa-01541"}], "source": {"discovery": "UNKNOWN"}, "title": "Failure to properly clean up closed OMAPI connections can exhaust available sockets", "workarounds": [{"lang": "en", "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-01-16T00:00:00.000Z", "ID": "CVE-2017-3144", "STATE": "PUBLIC", "TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ISC DHCP", "version": {"version_data": [{"version_name": "ISC DHCP", "version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."}]}}]}, "vendor_name": "ISC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:0158", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0158"}, {"name": "DSA-4133", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4133"}, {"name": "102726", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102726"}, {"name": "1040194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040194"}, {"name": "USN-3586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3586-1/"}, {"name": "https://kb.isc.org/docs/aa-01541", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01541"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:16:28.230Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2018:0158", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0158"}, {"name": "DSA-4133", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4133"}, {"name": "102726", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102726"}, {"name": "1040194", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040194"}, {"name": "USN-3586-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3586-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/docs/aa-01541"}]}]}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3144", "datePublished": "2019-01-16T20:00:00.000Z", "dateReserved": "2016-12-02T00:00:00.000Z", "dateUpdated": "2024-09-16T22:46:13.879Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B88B6F8-3F13-4984-BBCF-F79BE911F15D", "versionEndIncluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADAC6E78-8F98-42C3-BE19-276826F84752", "versionEndIncluding": "4.3.6", "versionStartIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:-:*:*:*:*:*:*", "matchCriteriaId": "F27D0660-2F07-430B-A651-5D0B6AA763C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r1:*:*:*:*:*:*", "matchCriteriaId": "FBAABA4E-0D34-4644-AC26-E272CEE6C361", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10:*:*:*:*:*:*", "matchCriteriaId": "179443DC-4B6A-408A-8BE5-B3E72188F43E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_b1:*:*:*:*:*:*", "matchCriteriaId": "C9BE7736-58CD-468B-84AB-B38C9B254BA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r10_rc1:*:*:*:*:*:*", "matchCriteriaId": "7EB6F7F0-B2A0-47E3-AD7A-4E7618A36F90", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11:*:*:*:*:*:*", "matchCriteriaId": "ADF80D19-3B0A-4A74-944E-F33CCC30EADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_b1:*:*:*:*:*:*", "matchCriteriaId": "40B21FCB-43A8-4266-934D-ECFF8138F637", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc1:*:*:*:*:*:*", "matchCriteriaId": "69D49F23-9074-49E7-985F-4D93393324CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r11_rc2:*:*:*:*:*:*", "matchCriteriaId": "3F729D1D-7234-4BC2-839B-AE1BB9D16C25", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12:*:*:*:*:*:*", "matchCriteriaId": "FBA64EEC-C0C7-4F11-8131-2868691E54DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_b1:*:*:*:*:*:*", "matchCriteriaId": "157520D7-AE39-4E23-A8CF-DD75EA78C055", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r12_p1:*:*:*:*:*:*", "matchCriteriaId": "B07118EC-9508-42B8-8D09-5CE310DA2B43", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13:*:*:*:*:*:*", "matchCriteriaId": "A157E664-6ACE-44CE-AC07-64898B182EA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r13_b1:*:*:*:*:*:*", "matchCriteriaId": "0056BF7A-4A70-4F1D-89C2-25CCDB65217B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14:*:*:*:*:*:*", "matchCriteriaId": "1D21F05D-246F-41F5-81FD-286C26168E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r14_b1:*:*:*:*:*:*", "matchCriteriaId": "12103C87-C942-481A-A68C-7BC83F964C06", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r15:*:*:*:*:*:*", "matchCriteriaId": "924E91FF-495F-4963-827F-57F7340C6560", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r2:*:*:*:*:*:*", "matchCriteriaId": "A5E2FFC7-6E73-463E-846C-C403E41A2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3:*:*:*:*:*:*", "matchCriteriaId": "E9D08285-745D-40AB-9A78-F467712CDA5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r3_b1:*:*:*:*:*:*", "matchCriteriaId": "1D115F1F-1A3A-4924-AF10-723B3BB0CBB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r4:*:*:*:*:*:*", "matchCriteriaId": "79F235F0-AD16-4E5B-AB60-97F0BB86AEB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5:*:*:*:*:*:*", "matchCriteriaId": "E84D5E5B-0336-4166-AAAC-49375E3AF971", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_b1:*:*:*:*:*:*", "matchCriteriaId": "09561C97-563C-4DDC-9EE4-E83EFFD467D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc1:*:*:*:*:*:*", "matchCriteriaId": "519CF0CC-FB12-4C68-88A0-E0E15738C620", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r5_rc2:*:*:*:*:*:*", "matchCriteriaId": "80EB131E-32E5-458F-8DDA-48835D2D883F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r6:*:*:*:*:*:*", "matchCriteriaId": "65E0296F-3522-4B43-AF34-CFE1AE7EEC1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r7:*:*:*:*:*:*", "matchCriteriaId": "69F6E619-A52B-4A60-8247-41ADD0E7D655", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8:*:*:*:*:*:*", "matchCriteriaId": "AA48EBAA-10B7-43D6-9A27-99F2578DF7F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_b1:*:*:*:*:*:*", "matchCriteriaId": "20040BB3-F157-4505-BB60-0D919A7D1436", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r8_rc1:*:*:*:*:*:*", "matchCriteriaId": "974A8587-8351-490A-82D9-B541862CA4C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9:*:*:*:*:*:*", "matchCriteriaId": "7DABD43E-818A-4B21-B4E7-753056D4A184", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_b1:*:*:*:*:*:*", "matchCriteriaId": "EE991D0E-2E2D-4844-9BBD-235D8BC5FB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1-esv:r9_rc1:*:*:*:*:*:*", "matchCriteriaId": "975EF88C-988F-40A6-B7D1-D27439144CC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:dhcp:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "41B46352-9D4D-4C74-876F-3685016025CC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."}, {"lang": "es", "value": "Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. Afecta a ISC DHCP desde la versi\u00f3n 4.1.0 hasta la 4.1-ESV-R15, desde la versi\u00f3n 4.2.0 hasta la 4.2.8 y desde la versi\u00f3n 4.3.0 hasta la 4.3.6. Las versiones anteriores podr\u00edan hacerse visto afectadas, pero han sobrepasado por mucho su fin de vida \u00fatil. Las versiones anteriores a la 4.1.0 no han sido probadas."}], "id": "CVE-2017-3144", "lastModified": "2024-11-21T03:24:55.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-officer@isc.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-16T20:29:00.627", "references": [{"source": "security-officer@isc.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102726"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040194"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0158"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/aa-01541"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3586-1/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4133"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102726"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0158"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/aa-01541"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3586-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4133"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0158", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "dhcp-12:4.2.5-58.el7_4.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-01-25T00:00:00Z"}], "bugzilla": {"description": "dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service", "id": "1522918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1522918"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-772", "details": ["A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.", "It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality."], "name": "CVE-2017-3144", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2017-12-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-3144\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3144\nhttps://kb.isc.org/article/AA-01541"], "threat_severity": "Moderate"}

{}