Bug 644708 (CVE-2017-3144) - <net-misc/dhcp-4.3.6_p1: Failure to properly clean up closed OMAPI connections can exhaust available sockets (CVE-2017-3144)
Summary: <net-misc/dhcp-4.3.6_p1: Failure to properly clean up closed OMAPI connection...
Status: RESOLVED FIXED
Alias: CVE-2017-3144
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://kb.isc.org/article/AA-01541
Whiteboard: A3 [glsa+ cve]
Reported: 2018-01-15 22:16 UTC by Thomas Deutschmann (RETIRED)
Modified: 2018-04-08 16:48 UTC
Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-15 22:16:57 UTC
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-17 10:30:56 UTC
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. 

By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.

Once exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2018-04-08 16:48:08 UTC
This issue was resolved and addressed in GLSA 201804-05 at https://security.gentoo.org/glsa/201804-05 by GLSA coordinator Aaron Bauman (b-man).