| Summary: | <net-misc/dhcp-4.3.6_p1: Failure to properly clean up closed OMAPI connections can exhaust available sockets (CVE-2017-3144) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | base-system |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://kb.isc.org/article/AA-01541 | ||
| Whiteboard: | A3 [glsa+ cve] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Thomas Deutschmann (RETIRED)
2018-01-15 22:16:57 UTC
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server. Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc This issue was resolved and addressed in GLSA 201804-05 at https://security.gentoo.org/glsa/201804-05 by GLSA coordinator Aaron Bauman (b-man). |