mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 17:21:57 +00:00
115 lines
4.5 KiB
JSON
115 lines
4.5 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-officer@isc.org",
|
|
"DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
|
|
"ID": "CVE-2017-3144",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ISC DHCP",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_name": "ISC DHCP",
|
|
"version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "ISC"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "RHSA-2018:0158",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2018:0158"
|
|
},
|
|
{
|
|
"name": "DSA-4133",
|
|
"refsource": "DEBIAN",
|
|
"url": "https://www.debian.org/security/2018/dsa-4133"
|
|
},
|
|
{
|
|
"name": "102726",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/102726"
|
|
},
|
|
{
|
|
"name": "1040194",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1040194"
|
|
},
|
|
{
|
|
"name": "USN-3586-1",
|
|
"refsource": "UBUNTU",
|
|
"url": "https://usn.ubuntu.com/3586-1/"
|
|
},
|
|
{
|
|
"name": "https://kb.isc.org/docs/aa-01541",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.isc.org/docs/aa-01541"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
|
|
}
|
|
]
|
|
} |