CVE-2017-3144

Impact: Moderate
Public Date: 2017-12-07
CWE: CWE-772
Bugzilla: 1522918: CVE-2017-3144 dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service

It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.
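
A defender-side check for the descriptor exhaustion described above, as an added example that is not part of the original advisory or of the dhcp code: it measures how close a process is to its soft open-file limit and how many of its descriptors are sockets. The 0.8 warning ratio, the function names and the sample inputs are assumptions constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/<pid>/limits content (not captured from a real host).
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files
"""
# Constructed sample of readlink() targets found under /proc/<pid>/fd.
SAMPLE_FD_TARGETS = ["/dev/null", "socket:[31001]", "socket:[31002]",
                     "/var/lib/dhcpd/dhcpd.leases", "socket:[31003]"]


def soft_nofile_limit(limits_text):
    """Return the soft 'Max open files' limit, or None if unlimited or missing."""
    for line in limits_text.splitlines():
        m = re.match(r"Max open files\s+(\S+)\s+(\S+)", line)
        if m:
            return None if m.group(1) == "unlimited" else int(m.group(1))
    return None


def fd_pressure(fd_targets, soft_limit, warn_ratio=0.8):
    """Summarise descriptor usage; 'alert' is True once usage reaches warn_ratio."""
    total = len(fd_targets)
    sockets = sum(1 for t in fd_targets if t.startswith("socket:["))
    ratio = total / soft_limit if soft_limit else 0.0
    return {"total": total, "sockets": sockets, "ratio": ratio,
            "alert": ratio >= warn_ratio}


def read_fd_targets(pid):
    """Read the live descriptor table of a process (needs root or the same user)."""
    targets = []
    for name in os.listdir(f"/proc/{pid}/fd"):
        try:
            targets.append(os.readlink(f"/proc/{pid}/fd/{name}"))
        except OSError:
            continue  # descriptor was closed between listdir() and readlink()
    return targets


def check_pid(pid, warn_ratio=0.8):
    """Combine the two /proc reads for one running process, e.g. the DHCP daemon."""
    with open(f"/proc/{pid}/limits") as fh:
        limit = soft_nofile_limit(fh.read())
    return fd_pressure(read_fd_targets(pid), limit, warn_ratio)
```

Calling `check_pid()` on the DHCP daemon's PID at intervals shows whether the socket count keeps growing after OMAPI clients have disconnected, which is the leak this advisory describes.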

Find out more about CVE-2017-3144 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 5.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity Impact: None
Availability Impact: Low

Red Hat Security Errata

Platform                           Errata          Release Date
Red Hat Enterprise Linux 7 (dhcp)  RHSA-2018:0158  2018-01-25

Affected Packages State

Platform                    Package  State
Red Hat Enterprise Linux 6  dhcp     Not affected
Red Hat Enterprise Linux 5  dhcp     Not affected
