| Name | CVE-2017-3144 |
| Description | A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-4133-1, ELA-192-1 |
| Debian Bugs | 887413 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| isc-dhcp (PTS) | jessie, jessie (lts) | 4.3.1-6+deb8u6 | fixed |
| stretch (security) | 4.3.5-3+deb9u2 | fixed | |
| stretch (lts), stretch | 4.3.5-3+deb9u3 | fixed | |
| buster (security), buster, buster (lts) | 4.4.1-2+deb10u3 | fixed | |
| bullseye | 4.4.1-2.3+deb11u2 | fixed | |
| bullseye (security) | 4.4.1-2.3+deb11u1 | fixed | |
| bookworm | 4.4.3-P1-2 | fixed | |
| sid, trixie | 4.4.3-P1-5 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| isc-dhcp | source | wheezy | 4.2.2.dfsg.1-5+deb70u10 | ELA-192-1 | ||
| isc-dhcp | source | jessie | 4.3.1-6+deb8u3 | DSA-4133-1 | ||
| isc-dhcp | source | stretch | 4.3.5-3+deb9u1 | DSA-4133-1 | ||
| isc-dhcp | source | (unstable) | 4.3.5-3.1 | 887413 |
[wheezy] - isc-dhcp <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1522918
https://bugs.isc.org/Public/Bug/Display.html?id=46767
https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894
Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3