Date: Tue, 16 Jan 2018 16:38:07 -0500 From: Michael McNally <mcnally@....org> To: oss-security@...ts.openwall.com Subject: ISC has announced CVE-2017-3144, a defect in ISC DHCP Please be advised that ISC has publicly announced a vulnerability in ISC DHCP. CVE-2017-3144 is a partial denial-of-service vector which can be used to exhaust the server's pool of socket descriptors if an attacker can open connections to the server's OMAPI control port. If successfully exploited the attacker can prevent the operator from being able to connect to the server, for example to change server state or to add lease reservations without restarting the server. Since an unauthorized client should not be permitted access to this port under normal circumstances, we are recommending that most operators should simply secure access to the control port; however a patch which properly cleans up the hung socket descriptors is available upon request (and will be included in future maintenance releases.) Our full CVE text can be found at https://kb.isc.org/article/AA-01541 -- Michael McNally ISC Security Officer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ